Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 20.04.2015, 18:53   #1
w1zz4rd
 
Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei - Standard

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei



Hi,

mein Avira AntiVir hat heute Funde gemeldet daraufhin habe ich einen Systemscan mit AntiVir und Malwarebytes durchgeführt. Es wurden 9 Funde bei AntiVir gemeldet, wovon zurzeit 6 in der Quarantäne sitzen. Malwarebytes ohne Funde. Ich habe Dr. Google gefragt und bin so auf euch gestoßen und die Schritte für Hilfesuchende.

Ich habe keine Probleme mit meinem System, alles funktioniert, ich bitte dennoch um eine Einschätzung von euch Profis. Ich habe die 4 Schritte befolgt, GMER hat nicht funktioniert (Error Message ist dabei, ganz unten) und hier sind die Logfiles:

Avira AntiVir logfile:

Code:
ATTFilter
Free Antivirus
Erstellungsdatum der Reportdatei: Monday, April 20, 2015  15:39


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Antivirus Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : JUERGEN

Versionsinformationen:
BUILD.DAT      : 15.0.9.504     94784 Bytes   3/24/2015 14:59:00
AVSCAN.EXE     : 15.0.9.504   1027528 Bytes   3/31/2015 15:35:42
AVSCANRC.DLL   : 15.0.9.460     64760 Bytes   3/23/2015 13:59:03
LUKE.DLL       : 15.0.9.460     60664 Bytes   3/23/2015 13:59:09
AVSCPLR.DLL    : 15.0.9.460     95536 Bytes   3/23/2015 13:59:03
REPAIR.DLL     : 15.0.9.504    374064 Bytes   3/31/2015 15:35:41
REPAIR.RDF     : 1.0.7.30      847037 Bytes   4/20/2015 13:37:10
AVREG.DLL      : 15.0.9.460    273712 Bytes   3/23/2015 13:59:02
AVLODE.DLL     : 15.0.9.504    596272 Bytes   3/31/2015 15:35:41
AVLODE.RDF     : 14.0.4.64      79226 Bytes    4/9/2015 10:37:43
XBV00018.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00019.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00020.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00021.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00022.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00023.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00024.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00025.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00026.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00027.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00028.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00029.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00030.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00031.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00032.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00033.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00034.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00035.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00036.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00037.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00038.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00039.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00040.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00041.VDF   : 8.11.165.190     2048 Bytes    8/7/2014 09:23:34
XBV00237.VDF   : 8.11.219.166     2048 Bytes   3/25/2015 19:03:46
XBV00238.VDF   : 8.11.219.166     2048 Bytes   3/25/2015 19:03:46
XBV00239.VDF   : 8.11.219.166     2048 Bytes   3/25/2015 19:03:46
XBV00240.VDF   : 8.11.219.166     2048 Bytes   3/25/2015 19:03:46
XBV00241.VDF   : 8.11.219.166     2048 Bytes   3/25/2015 19:03:46
XBV00242.VDF   : 8.11.219.166     2048 Bytes   3/25/2015 19:03:46
XBV00243.VDF   : 8.11.219.166     2048 Bytes   3/25/2015 19:03:46
XBV00244.VDF   : 8.11.219.166     2048 Bytes   3/25/2015 19:03:46
XBV00245.VDF   : 8.11.219.166     2048 Bytes   3/25/2015 19:03:46
XBV00246.VDF   : 8.11.219.166     2048 Bytes   3/25/2015 19:03:46
XBV00247.VDF   : 8.11.219.166     2048 Bytes   3/25/2015 19:03:47
XBV00248.VDF   : 8.11.219.166     2048 Bytes   3/25/2015 19:03:47
XBV00249.VDF   : 8.11.219.166     2048 Bytes   3/25/2015 19:03:47
XBV00250.VDF   : 8.11.219.166     2048 Bytes   3/25/2015 19:03:47
XBV00251.VDF   : 8.11.219.166     2048 Bytes   3/25/2015 19:03:47
XBV00252.VDF   : 8.11.219.166     2048 Bytes   3/25/2015 19:03:47
XBV00253.VDF   : 8.11.219.166     2048 Bytes   3/25/2015 19:03:47
XBV00254.VDF   : 8.11.219.166     2048 Bytes   3/25/2015 19:03:47
XBV00255.VDF   : 8.11.219.166     2048 Bytes   3/25/2015 19:03:47
XBV00000.VDF   : 7.11.70.0   66736640 Bytes    4/4/2013 09:23:34
XBV00001.VDF   : 7.11.74.226  2201600 Bytes   4/30/2013 09:23:34
XBV00002.VDF   : 7.11.80.60   2751488 Bytes   5/28/2013 09:23:34
XBV00003.VDF   : 7.11.85.214  2162688 Bytes   6/21/2013 09:23:34
XBV00004.VDF   : 7.11.91.176  3903488 Bytes   7/23/2013 09:23:34
XBV00005.VDF   : 7.11.98.186  6822912 Bytes   8/29/2013 09:23:34
XBV00006.VDF   : 7.11.139.38 15708672 Bytes   3/27/2014 09:23:34
XBV00007.VDF   : 7.11.152.100  4193792 Bytes    6/2/2014 09:23:34
XBV00008.VDF   : 8.11.165.192  4251136 Bytes    8/7/2014 09:23:34
XBV00009.VDF   : 8.11.172.30  2094080 Bytes   9/15/2014 09:23:34
XBV00010.VDF   : 8.11.178.32  1581056 Bytes  10/14/2014 09:23:34
XBV00011.VDF   : 8.11.184.50  2178560 Bytes  11/11/2014 09:23:34
XBV00012.VDF   : 8.11.190.32  1876992 Bytes   12/3/2014 17:48:29
XBV00013.VDF   : 8.11.201.28  2973696 Bytes   1/14/2015 11:37:48
XBV00014.VDF   : 8.11.206.252  2695680 Bytes    2/4/2015 16:55:03
XBV00015.VDF   : 8.11.213.84  3175936 Bytes    3/3/2015 08:58:48
XBV00016.VDF   : 8.11.213.176   212480 Bytes    3/5/2015 14:59:07
XBV00017.VDF   : 8.11.219.166  2033664 Bytes   3/25/2015 19:03:40
XBV00042.VDF   : 8.11.219.194    36864 Bytes   3/25/2015 21:03:39
XBV00043.VDF   : 8.11.219.218     7168 Bytes   3/25/2015 21:03:39
XBV00044.VDF   : 8.11.219.242     6144 Bytes   3/25/2015 11:14:22
XBV00045.VDF   : 8.11.219.244     7680 Bytes   3/25/2015 11:14:22
XBV00046.VDF   : 8.11.219.246     5632 Bytes   3/26/2015 11:14:22
XBV00047.VDF   : 8.11.219.250    38400 Bytes   3/26/2015 11:14:22
XBV00048.VDF   : 8.11.219.252    14336 Bytes   3/26/2015 11:14:22
XBV00049.VDF   : 8.11.219.254    18432 Bytes   3/26/2015 11:14:22
XBV00050.VDF   : 8.11.220.0      7680 Bytes   3/26/2015 13:14:22
XBV00051.VDF   : 8.11.220.2     10240 Bytes   3/26/2015 17:14:22
XBV00052.VDF   : 8.11.220.6      2048 Bytes   3/26/2015 17:14:22
XBV00053.VDF   : 8.11.220.8      2560 Bytes   3/26/2015 17:14:22
XBV00054.VDF   : 8.11.220.10    17408 Bytes   3/26/2015 21:14:22
XBV00055.VDF   : 8.11.220.12     2048 Bytes   3/26/2015 21:14:22
XBV00056.VDF   : 8.11.220.16    23040 Bytes   3/26/2015 08:57:00
XBV00057.VDF   : 8.11.220.18     8704 Bytes   3/26/2015 08:57:00
XBV00058.VDF   : 8.11.220.22    30720 Bytes   3/27/2015 08:57:00
XBV00059.VDF   : 8.11.220.24     6144 Bytes   3/27/2015 08:57:00
XBV00060.VDF   : 8.11.220.26     2048 Bytes   3/27/2015 08:57:00
XBV00061.VDF   : 8.11.220.48     9728 Bytes   3/27/2015 08:57:00
XBV00062.VDF   : 8.11.220.68    14848 Bytes   3/27/2015 10:56:59
XBV00063.VDF   : 8.11.220.88    23552 Bytes   3/27/2015 12:57:01
XBV00064.VDF   : 8.11.220.108     9216 Bytes   3/27/2015 14:57:00
XBV00065.VDF   : 8.11.220.110    15360 Bytes   3/27/2015 16:57:00
XBV00066.VDF   : 8.11.220.116    27648 Bytes   3/27/2015 22:57:00
XBV00067.VDF   : 8.11.220.118    10752 Bytes   3/27/2015 11:46:49
XBV00068.VDF   : 8.11.220.120     6144 Bytes   3/27/2015 11:46:49
XBV00069.VDF   : 8.11.220.122    62976 Bytes   3/28/2015 13:46:50
XBV00070.VDF   : 8.11.220.124     2048 Bytes   3/28/2015 13:46:50
XBV00071.VDF   : 8.11.220.126     9728 Bytes   3/28/2015 13:46:50
XBV00072.VDF   : 8.11.220.128    20992 Bytes   3/28/2015 15:46:50
XBV00073.VDF   : 8.11.220.148    54784 Bytes   3/29/2015 15:43:42
XBV00074.VDF   : 8.11.220.176     7680 Bytes   3/29/2015 15:43:42
XBV00075.VDF   : 8.11.220.196    32768 Bytes   3/30/2015 11:27:04
XBV00076.VDF   : 8.11.220.216     2048 Bytes   3/30/2015 11:27:04
XBV00077.VDF   : 8.11.220.236     9728 Bytes   3/30/2015 11:27:04
XBV00078.VDF   : 8.11.220.238    15360 Bytes   3/30/2015 11:27:04
XBV00079.VDF   : 8.11.220.240     9216 Bytes   3/30/2015 11:27:04
XBV00080.VDF   : 8.11.220.242     4608 Bytes   3/30/2015 11:27:04
XBV00081.VDF   : 8.11.220.248    58368 Bytes   3/30/2015 21:27:04
XBV00082.VDF   : 8.11.220.250     2048 Bytes   3/30/2015 21:27:04
XBV00083.VDF   : 8.11.220.252     2048 Bytes   3/30/2015 21:27:04
XBV00084.VDF   : 8.11.220.254    39424 Bytes   3/31/2015 07:35:40
XBV00085.VDF   : 8.11.221.0      2048 Bytes   3/31/2015 07:35:40
XBV00086.VDF   : 8.11.221.6     40960 Bytes   3/31/2015 09:35:38
XBV00087.VDF   : 8.11.221.8      2048 Bytes   3/31/2015 09:35:38
XBV00088.VDF   : 8.11.221.10    16896 Bytes   3/31/2015 09:35:38
XBV00089.VDF   : 8.11.221.30    10240 Bytes   3/31/2015 11:35:38
XBV00090.VDF   : 8.11.221.48    29184 Bytes   3/31/2015 15:35:44
XBV00091.VDF   : 8.11.221.50     2048 Bytes   3/31/2015 15:35:44
XBV00092.VDF   : 8.11.221.70    27648 Bytes   3/31/2015 21:35:39
XBV00093.VDF   : 8.11.221.88     3584 Bytes   3/31/2015 23:35:39
XBV00094.VDF   : 8.11.221.90    32256 Bytes   3/31/2015 23:35:39
XBV00095.VDF   : 8.11.221.94    34816 Bytes    4/1/2015 09:01:50
XBV00096.VDF   : 8.11.221.96     8704 Bytes    4/1/2015 09:01:50
XBV00097.VDF   : 8.11.221.100     8704 Bytes    4/1/2015 09:01:50
XBV00098.VDF   : 8.11.221.102     7680 Bytes    4/1/2015 13:01:49
XBV00099.VDF   : 8.11.221.106    39936 Bytes    4/1/2015 19:01:49
XBV00100.VDF   : 8.11.221.124     8704 Bytes    4/1/2015 19:01:49
XBV00101.VDF   : 8.11.221.142    12288 Bytes    4/1/2015 19:01:49
XBV00102.VDF   : 8.11.221.160     7168 Bytes    4/1/2015 23:01:50
XBV00103.VDF   : 8.11.221.178     7168 Bytes    4/1/2015 23:01:50
XBV00104.VDF   : 8.11.221.196     8192 Bytes    4/1/2015 23:01:50
XBV00105.VDF   : 8.11.221.200    33280 Bytes    4/2/2015 10:06:59
XBV00106.VDF   : 8.11.221.202     2048 Bytes    4/2/2015 10:06:59
XBV00107.VDF   : 8.11.221.204    28160 Bytes    4/2/2015 18:06:59
XBV00108.VDF   : 8.11.221.206     2048 Bytes    4/2/2015 18:06:59
XBV00109.VDF   : 8.11.221.208    33792 Bytes    4/2/2015 18:06:59
XBV00110.VDF   : 8.11.221.210    24576 Bytes    4/2/2015 18:06:59
XBV00111.VDF   : 8.11.221.214    18944 Bytes    4/2/2015 22:06:58
XBV00112.VDF   : 8.11.221.216    11264 Bytes    4/2/2015 11:13:45
XBV00113.VDF   : 8.11.221.220    29696 Bytes    4/3/2015 11:13:45
XBV00114.VDF   : 8.11.221.222     2048 Bytes    4/3/2015 11:13:45
XBV00115.VDF   : 8.11.221.224    31232 Bytes    4/3/2015 13:13:45
XBV00116.VDF   : 8.11.221.242     3584 Bytes    4/3/2015 13:13:45
XBV00117.VDF   : 8.11.222.2     11776 Bytes    4/3/2015 15:13:44
XBV00118.VDF   : 8.11.222.18     7168 Bytes    4/3/2015 17:13:44
XBV00119.VDF   : 8.11.222.34     6656 Bytes    4/3/2015 17:13:44
XBV00120.VDF   : 8.11.222.38    15360 Bytes    4/3/2015 21:13:45
XBV00121.VDF   : 8.11.222.40     5632 Bytes    4/3/2015 23:13:44
XBV00122.VDF   : 8.11.222.42     6144 Bytes    4/3/2015 23:13:44
XBV00123.VDF   : 8.11.222.44    46592 Bytes    4/4/2015 11:46:41
XBV00124.VDF   : 8.11.222.46     2048 Bytes    4/4/2015 11:46:41
XBV00125.VDF   : 8.11.222.48     2048 Bytes    4/4/2015 11:46:41
XBV00126.VDF   : 8.11.222.50    36864 Bytes    4/4/2015 15:46:41
XBV00127.VDF   : 8.11.222.52     2048 Bytes    4/4/2015 15:46:41
XBV00128.VDF   : 8.11.222.68    68096 Bytes    4/5/2015 10:38:42
XBV00129.VDF   : 8.11.222.84     2048 Bytes    4/5/2015 10:38:42
XBV00130.VDF   : 8.11.222.116    18432 Bytes    4/5/2015 18:18:46
XBV00131.VDF   : 8.11.222.132    62464 Bytes    4/6/2015 10:57:33
XBV00132.VDF   : 8.11.222.134    10752 Bytes    4/6/2015 10:57:33
XBV00133.VDF   : 8.11.222.138     2048 Bytes    4/6/2015 10:57:33
XBV00134.VDF   : 8.11.222.154    13312 Bytes    4/6/2015 10:57:33
XBV00135.VDF   : 8.11.222.156     8704 Bytes    4/6/2015 12:57:32
XBV00136.VDF   : 8.11.222.158     9216 Bytes    4/6/2015 14:57:33
XBV00137.VDF   : 8.11.222.160     2048 Bytes    4/6/2015 14:57:33
XBV00138.VDF   : 8.11.222.164    18432 Bytes    4/6/2015 18:57:33
XBV00139.VDF   : 8.11.222.166    10752 Bytes    4/6/2015 22:57:33
XBV00140.VDF   : 8.11.222.182     7168 Bytes    4/6/2015 22:57:33
XBV00141.VDF   : 8.11.222.196     8704 Bytes    4/7/2015 15:07:43
XBV00142.VDF   : 8.11.222.212    29696 Bytes    4/7/2015 15:07:43
XBV00143.VDF   : 8.11.222.226     6656 Bytes    4/7/2015 15:07:43
XBV00144.VDF   : 8.11.222.228    10752 Bytes    4/7/2015 15:07:44
XBV00145.VDF   : 8.11.222.230     4096 Bytes    4/7/2015 15:07:44
XBV00146.VDF   : 8.11.222.232     5120 Bytes    4/7/2015 15:07:44
XBV00147.VDF   : 8.11.222.234     5632 Bytes    4/7/2015 15:07:44
XBV00148.VDF   : 8.11.222.240    34816 Bytes    4/7/2015 21:42:34
XBV00149.VDF   : 8.11.222.242     2048 Bytes    4/7/2015 21:42:34
XBV00150.VDF   : 8.11.222.244     3584 Bytes    4/7/2015 23:42:35
XBV00151.VDF   : 8.11.222.246    24576 Bytes    4/7/2015 23:42:35
XBV00152.VDF   : 8.11.222.250    37888 Bytes    4/8/2015 10:43:21
XBV00153.VDF   : 8.11.223.8     12800 Bytes    4/8/2015 10:43:21
XBV00154.VDF   : 8.11.223.22     2048 Bytes    4/8/2015 10:43:21
XBV00155.VDF   : 8.11.223.36    10752 Bytes    4/8/2015 10:43:21
XBV00156.VDF   : 8.11.223.52    35328 Bytes    4/8/2015 18:43:22
XBV00157.VDF   : 8.11.223.66     7168 Bytes    4/8/2015 20:43:22
XBV00158.VDF   : 8.11.223.68     2048 Bytes    4/8/2015 20:43:22
XBV00159.VDF   : 8.11.223.72    15360 Bytes    4/8/2015 22:43:22
XBV00160.VDF   : 8.11.223.74     7168 Bytes    4/9/2015 00:43:21
XBV00161.VDF   : 8.11.223.78    38400 Bytes    4/9/2015 10:37:43
XBV00162.VDF   : 8.11.223.80     2048 Bytes    4/9/2015 10:37:43
XBV00163.VDF   : 8.11.223.82    35328 Bytes    4/9/2015 12:37:43
XBV00164.VDF   : 8.11.223.90    80896 Bytes    4/9/2015 22:37:43
XBV00165.VDF   : 8.11.223.92     2048 Bytes    4/9/2015 22:37:43
XBV00166.VDF   : 8.11.223.94    30208 Bytes    4/9/2015 14:05:27
XBV00167.VDF   : 8.11.223.108    30208 Bytes   4/10/2015 14:05:27
XBV00168.VDF   : 8.11.223.120    35840 Bytes   4/10/2015 14:05:27
XBV00169.VDF   : 8.11.223.124     3072 Bytes   4/10/2015 14:05:27
XBV00170.VDF   : 8.11.223.136    20480 Bytes   4/10/2015 16:05:26
XBV00171.VDF   : 8.11.223.148    14848 Bytes   4/10/2015 18:05:26
XBV00172.VDF   : 8.11.223.150     2048 Bytes   4/10/2015 18:05:26
XBV00173.VDF   : 8.11.223.154    23552 Bytes   4/10/2015 11:43:25
XBV00174.VDF   : 8.11.223.156     8192 Bytes   4/10/2015 11:43:25
XBV00175.VDF   : 8.11.223.158     7680 Bytes   4/11/2015 11:43:25
XBV00176.VDF   : 8.11.223.162    49152 Bytes   4/11/2015 11:43:25
XBV00177.VDF   : 8.11.223.164     2048 Bytes   4/11/2015 11:43:25
XBV00178.VDF   : 8.11.223.176    18944 Bytes   4/11/2015 15:43:25
XBV00179.VDF   : 8.11.223.192    68096 Bytes   4/12/2015 11:43:12
XBV00180.VDF   : 8.11.223.194     2048 Bytes   4/12/2015 11:43:12
XBV00181.VDF   : 8.11.223.196     2048 Bytes   4/12/2015 11:43:12
XBV00182.VDF   : 8.11.223.208    13312 Bytes   4/12/2015 16:52:45
XBV00183.VDF   : 8.11.223.210     6144 Bytes   4/12/2015 16:52:45
XBV00184.VDF   : 8.11.223.222    75776 Bytes   4/13/2015 12:48:57
XBV00185.VDF   : 8.11.223.224     2048 Bytes   4/13/2015 12:48:57
XBV00186.VDF   : 8.11.223.236    27648 Bytes   4/13/2015 14:48:57
XBV00187.VDF   : 8.11.223.246     2048 Bytes   4/13/2015 14:48:57
XBV00188.VDF   : 8.11.224.2      9728 Bytes   4/13/2015 10:13:43
XBV00189.VDF   : 8.11.224.12    33792 Bytes   4/13/2015 10:13:43
XBV00190.VDF   : 8.11.224.22    40448 Bytes   4/14/2015 10:13:43
XBV00191.VDF   : 8.11.224.28    26112 Bytes   4/14/2015 12:13:43
XBV00192.VDF   : 8.11.224.32    49152 Bytes   4/14/2015 18:13:43
XBV00193.VDF   : 8.11.224.34    12288 Bytes   4/14/2015 22:13:44
XBV00194.VDF   : 8.11.224.36     8704 Bytes   4/14/2015 22:13:44
XBV00195.VDF   : 8.11.224.46     6656 Bytes   4/14/2015 08:41:04
XBV00196.VDF   : 8.11.224.48     2048 Bytes   4/14/2015 08:41:04
XBV00197.VDF   : 8.11.224.58    12288 Bytes   4/15/2015 08:41:04
XBV00198.VDF   : 8.11.224.68     5632 Bytes   4/15/2015 08:41:05
XBV00199.VDF   : 8.11.224.72    29184 Bytes   4/15/2015 08:41:05
XBV00200.VDF   : 8.11.224.82    17920 Bytes   4/15/2015 10:41:04
XBV00201.VDF   : 8.11.224.84    29184 Bytes   4/15/2015 12:41:04
XBV00202.VDF   : 8.11.224.90    29184 Bytes   4/15/2015 16:42:08
XBV00203.VDF   : 8.11.224.92    18432 Bytes   4/15/2015 18:42:08
XBV00204.VDF   : 8.11.224.102    13824 Bytes   4/15/2015 20:42:08
XBV00205.VDF   : 8.11.224.112    18944 Bytes   4/15/2015 22:42:08
XBV00206.VDF   : 8.11.224.120     6144 Bytes   4/15/2015 22:42:08
XBV00207.VDF   : 8.11.224.130    38400 Bytes   4/16/2015 11:52:29
XBV00208.VDF   : 8.11.224.132    43520 Bytes   4/16/2015 11:52:29
XBV00209.VDF   : 8.11.224.136    37888 Bytes   4/16/2015 19:52:30
XBV00210.VDF   : 8.11.224.138     2048 Bytes   4/16/2015 19:52:30
XBV00211.VDF   : 8.11.224.140     2048 Bytes   4/16/2015 19:52:30
XBV00212.VDF   : 8.11.224.144    13824 Bytes   4/16/2015 23:52:30
XBV00213.VDF   : 8.11.224.148    41984 Bytes   4/17/2015 07:16:41
XBV00214.VDF   : 8.11.224.150    28160 Bytes   4/17/2015 17:18:51
XBV00215.VDF   : 8.11.224.152     2560 Bytes   4/17/2015 17:18:51
XBV00216.VDF   : 8.11.224.160    32768 Bytes   4/17/2015 17:18:51
XBV00217.VDF   : 8.11.224.178    17408 Bytes   4/17/2015 23:18:52
XBV00218.VDF   : 8.11.224.186     2048 Bytes   4/17/2015 23:18:52
XBV00219.VDF   : 8.11.224.194    13312 Bytes   4/17/2015 23:18:52
XBV00220.VDF   : 8.11.224.204    51712 Bytes   4/18/2015 11:00:52
XBV00221.VDF   : 8.11.224.206     2560 Bytes   4/18/2015 11:00:52
XBV00222.VDF   : 8.11.224.208    12800 Bytes   4/18/2015 11:00:52
XBV00223.VDF   : 8.11.224.210     2048 Bytes   4/18/2015 11:00:52
XBV00224.VDF   : 8.11.224.212    11264 Bytes   4/18/2015 15:00:52
XBV00225.VDF   : 8.11.224.214     2048 Bytes   4/18/2015 15:00:52
XBV00226.VDF   : 8.11.224.216    69120 Bytes   4/19/2015 07:36:24
XBV00227.VDF   : 8.11.224.218     8704 Bytes   4/19/2015 10:40:16
XBV00228.VDF   : 8.11.224.226     2048 Bytes   4/19/2015 10:40:16
XBV00229.VDF   : 8.11.224.234     2048 Bytes   4/19/2015 18:40:15
XBV00230.VDF   : 8.11.224.240    38400 Bytes   4/19/2015 20:40:17
XBV00231.VDF   : 8.11.224.246    39424 Bytes   4/20/2015 09:48:45
XBV00232.VDF   : 8.11.224.248     2048 Bytes   4/20/2015 09:48:45
XBV00233.VDF   : 8.11.224.250    10752 Bytes   4/20/2015 09:48:45
XBV00234.VDF   : 8.11.224.252     6144 Bytes   4/20/2015 09:48:45
XBV00235.VDF   : 8.11.224.254     5120 Bytes   4/20/2015 09:48:45
XBV00236.VDF   : 8.11.225.0     15872 Bytes   4/20/2015 11:48:45
LOCAL000.VDF   : 8.11.225.0  127981568 Bytes   4/20/2015 11:48:53
Engineversion  : 8.3.30.22 
AEVDF.DLL      : 8.3.1.6       133992 Bytes  11/24/2014 09:23:20
AESCRIPT.DLL   : 8.2.2.62      567208 Bytes   4/16/2015 13:52:30
AESCN.DLL      : 8.3.2.2       139456 Bytes  11/24/2014 09:23:20
AESBX.DLL      : 8.2.20.34    1615784 Bytes    3/4/2015 14:58:48
AERDL.DLL      : 8.2.1.20      731040 Bytes   2/11/2015 16:21:23
AEPACK.DLL     : 8.4.0.62      793456 Bytes   2/21/2015 11:07:30
AEOFFICE.DLL   : 8.3.1.20      358312 Bytes   4/20/2015 11:48:45
AEMOBILE.DLL   : 8.1.7.0       281456 Bytes   3/10/2015 15:01:55
AEHEUR.DLL     : 8.1.4.1642   8301688 Bytes   4/16/2015 13:52:30
AEHELP.DLL     : 8.3.2.0       281456 Bytes   3/19/2015 15:17:27
AEGEN.DLL      : 8.1.7.40      456608 Bytes  12/19/2014 17:48:26
AEEXP.DLL      : 8.4.2.82      260968 Bytes   4/10/2015 14:05:26
AEEMU.DLL      : 8.1.3.4       399264 Bytes  11/24/2014 09:23:20
AEDROID.DLL    : 8.4.3.116    1050536 Bytes   3/10/2015 15:01:55
AECORE.DLL     : 8.3.4.0       243624 Bytes  12/19/2014 17:48:26
AEBB.DLL       : 8.1.2.0        60448 Bytes  11/24/2014 09:23:20
AVWINLL.DLL    : 15.0.9.460     26872 Bytes   3/23/2015 13:59:01
AVPREF.DLL     : 15.0.9.460     52984 Bytes   3/23/2015 13:59:02
AVREP.DLL      : 15.0.9.460    220464 Bytes   3/23/2015 13:59:02
AVARKT.DLL     : 15.0.9.460    228088 Bytes   3/23/2015 13:59:01
AVEVTLOG.DLL   : 15.0.9.460    193328 Bytes   3/23/2015 13:59:01
SQLITE3.DLL    : 15.0.9.460    455472 Bytes   3/23/2015 13:59:10
AVSMTP.DLL     : 15.0.9.460     79096 Bytes   3/23/2015 13:59:03
NETNT.DLL      : 15.0.9.460     15152 Bytes   3/23/2015 13:59:09
CommonImageRc.dll: 15.0.9.460   4355376 Bytes   3/23/2015 13:59:01
CommonTextRc.DLL: 15.0.9.476     70960 Bytes   3/23/2015 13:59:01

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Reparieren
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, S:, W:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Monday, April 20, 2015  15:39

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:)'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'HDD2(S:)'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'HDD1(W:)'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Fehler in der ARK Library

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '159' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '215' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'EzUpdt.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'AISuite3.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'DipAwayMode.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'PushNotifyServer.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'AddonsHelper.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeUpdateService.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '147' Modul(e) wurden durchsucht
Durchsuche Prozess 'atkexComSvc.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkNGUI64.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCore.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'aaHMSvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsSysCtrlService.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsusFanControlService.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'iusb3mon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'NvNetworkService.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvstreamsvc.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'RosettaStoneDaemon.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '249' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '132' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'U3BoostSvr64.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '147' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvstreamsvc.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvstreamsvc.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'NvBackend.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'PushNoticeMonitor.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'PushNotify_PCCtrl.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICCProxy.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '154' Modul(e) wurden durchsucht
Durchsuche Prozess 'Samsung Magician.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASUSMiniBar.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'OUTLOOK.EXE' - '197' Modul(e) wurden durchsucht
Durchsuche Prozess 'OSPPSVC.EXE' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '136' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\drivers\beep.sys'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Signiert -> 'C:\Windows\system32\imm32.dll'
Signiert -> 'C:\Windows\system32\dsound.dll'
Signiert -> 'C:\Windows\system32\aclui.dll'
Signiert -> 'C:\Windows\system32\msvcrt.dll'
Signiert -> 'C:\Windows\system32\d3d9.dll'
Signiert -> 'C:\Windows\system32\dnsapi.dll'
Signiert -> 'C:\Windows\system32\mshtml.dll'
Signiert -> 'C:\Windows\system32\regsvr32.exe'
Signiert -> 'C:\Windows\system32\rundll32.exe'
Signiert -> 'C:\Windows\system32\userinit.exe'
Signiert -> 'C:\Windows\system32\reg.exe'
Signiert -> 'C:\Windows\regedit.exe'
Die Systemdateien wurden durchsucht ('34' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3199' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\AdwCleaner\Quarantine\C\Users\JRGEN~1\AppData\Local\Temp\Security Systems\Setup.exe.vir
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/Synatix.isks
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 53ab8ace.qua erstellt ( QUARANTÄNE )
  [WARNUNG]   Die Datei wurde ignoriert.
    [0] Archivtyp: RSRC
    --> C:\AdwCleaner\Quarantine\C\Users\Jürgen\AppData\Roaming\Security Systems\uninstall.exe.vir
        [1] Archivtyp: ZIP SFX (self extracting)
      --> Setup.exe
          [FUND]      Enthält Erkennungsmuster der Adware ADWARE/Synatix.isks
          [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\AdwCleaner\Quarantine\C\Users\Jürgen\AppData\Roaming\Security Systems\uninstall.exe.vir
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/Synatix.isks
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 4b0ba65d.qua erstellt ( QUARANTÄNE )
  [WARNUNG]   Die Datei wurde ignoriert.
C:\AdwCleaner\Quarantine\C\Users\Jürgen\AppData\Roaming\Security Systems\data\ucheck.exe.vir
  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 1957ff82.qua erstellt ( QUARANTÄNE )
  [WARNUNG]   Die Datei wurde ignoriert.
    --> C:\Program Files (x86)\GoPro\Tools\Drivers\WiFiBacPac\amd64\winusbcoinstaller2.dll
        [1] Archivtyp: RSRC
      --> C:\Program Files (x86)\GoPro\Tools\Drivers\WiFiBacPac\x86\winusbcoinstaller2.dll
          [2] Archivtyp: RSRC
        --> C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\222YA7JR\JDownloader2Setup[1].exe
            [3] Archivtyp: Inno Setup
          --> Object
              [FUND]      Enthält Muster der Software PUA/InstallCore.Gen7
              [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\222YA7JR\JDownloader2Setup[1].exe
  [FUND]      Enthält Muster der Software PUA/InstallCore.Gen7
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 7f59b7cb.qua erstellt ( QUARANTÄNE )
  [WARNUNG]   Die Datei wurde ignoriert.
C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G593FD0G\setup[1].exe
  [FUND]      Enthält Muster der Software PUA/Somoto.hzis
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 3ad09ad3.qua erstellt ( QUARANTÄNE )
  [WARNUNG]   Die Datei wurde ignoriert.
Beginne mit der Suche in 'D:\' <Spiele>
Beginne mit der Suche in 'S:\' <Seagate>
Beginne mit der Suche in 'W:\' <Western>
W:\Downloads\Programme\TeamViewer - CHIP-Installer.exe
  [FUND]      Enthält Muster der Software PUA/DownloadSponsor.Gen
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 45f4b39f.qua erstellt ( QUARANTÄNE )
  [WARNUNG]   Die Datei wurde ignoriert.
W:\Images\Crysis 3\Crysis.3.Update.v1.3.INTERNAL-RELOADED\Crack\AEyrC.dll
  [FUND]      Ist das Trojanische Pferd TR/Obfuscate.XZ.6630
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 09748223.qua erstellt ( QUARANTÄNE )
  [WARNUNG]   Die Datei wurde ignoriert.


Ende des Suchlaufs: Monday, April 20, 2015  16:34
Benötigte Zeit: 55:25 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  66749 Verzeichnisse wurden überprüft
 1619900 Dateien wurden geprüft
      9 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      7 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 1619891 Dateien ohne Befall
  13848 Archive wurden durchsucht
      9 Warnungen
      7 Hinweise
   1666 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
Avira AntiVir Funde:

Code:
ATTFilter

Typ:	Datei
Quelle:	W:\Downloads\Programme\TeamViewer - CHIP-Installer.exe
Status:	Infiziert
Quarantäne-Objekt:	45f4b39f.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.30.22
Virendefinitionsdatei:	8.11.225.00
Gefunden:	PUA/DownloadSponsor.Gen
Datum/Uhrzeit:	20.04.2015, 16:14


Typ:	Datei
Quelle:	C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G593FD0G\setup[1].exe
Status:	Infiziert
Quarantäne-Objekt:	3ad09ad3.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.30.22
Virendefinitionsdatei:	8.11.225.00
Gefunden:	PUA/Somoto.hzis
Datum/Uhrzeit:	20.04.2015, 15:55


Typ:	Datei
Quelle:	C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\222YA7JR\JDownloader2Setup[1].exe
Status:	Infiziert
Quarantäne-Objekt:	7f59b7cb.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.30.22
Virendefinitionsdatei:	8.11.225.00
Gefunden:	PUA/InstallCore.Gen7
Datum/Uhrzeit:	20.04.2015, 15:55


Typ:	Datei
Quelle:	C:\AdwCleaner\Quarantine\C\Users\Jürgen\AppData\Roaming\Security Systems\data\ucheck.exe.vir
Status:	Infiziert
Quarantäne-Objekt:	1957ff82.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.30.22
Virendefinitionsdatei:	8.11.225.00
Gefunden:	TR/ATRAPS.Gen
Datum/Uhrzeit:	20.04.2015, 15:39


Typ:	Datei
Quelle:	C:\AdwCleaner\Quarantine\C\Users\Jürgen\AppData\Roaming\Security Systems\uninstall.exe.vir
Status:	Infiziert
Quarantäne-Objekt:	4b0ba65d.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.30.22
Virendefinitionsdatei:	8.11.225.00
Gefunden:	ADWARE/Synatix.isks
Datum/Uhrzeit:	20.04.2015, 15:39


Typ:	Datei
Quelle:	C:\AdwCleaner\Quarantine\C\Users\JRGEN~1\AppData\Local\Temp\Security Systems\Setup.exe.vir
Status:	Infiziert
Quarantäne-Objekt:	53ab8ace.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.30.22
Virendefinitionsdatei:	8.11.225.00
Gefunden:	ADWARE/Synatix.isks
Datum/Uhrzeit:	20.04.2015, 15:39
         
Malwarebytes Anti-Malware Logfile:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 20.04.2015
Scan Time: 18:17:48
Logfile: Malwarebytes_log.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.04.20.03
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jürgen

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 394401
Time Elapsed: 5 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         

FRST.txt:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015 01
Ran by Jürgen (administrator) on JUERGEN on 20-04-2015 18:01:41
Running from W:\Trojaner
Loaded Profiles: Jürgen (Available profiles: Jürgen)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
() C:\Users\Jürgen\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\3356edf7a88e475d88eac25e50bcafe7\AddonsHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.13\AsusFanControlService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\ASUS\AI Suite III\AsusMiniBar.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() W:\Trojaner\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7640944 2014-09-29] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-02-26] (Logitech Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-590260112-762417108-2990454751-1000\...\MountPoints2: E - E:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2015-03-26]
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-590260112-762417108-2990454751-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.firetab.org/?type=ds3nt
HKU\S-1-5-21-590260112-762417108-2990454751-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://www.firetab.org/?type=ds3se&p={searchTerms}
SearchScopes: HKLM-x32 -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://www.firetab.org/?type=ds3se&p={searchTerms}
SearchScopes: HKU\S-1-5-21-590260112-762417108-2990454751-1000 -> DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://www.firetab.org/?type=ds3se&p={searchTerms}
SearchScopes: HKU\S-1-5-21-590260112-762417108-2990454751-1000 -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://www.firetab.org/?type=ds3se&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-10-15] (DVDVideoSoft Ltd.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: DNS Error Helper -> {9B6B03F1-16CF-4491-BBBB-E872802DD717} -> C:\ProgramData\DNSErrorHelper\bho.dll [2014-10-31] ()
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-10-16] (DVDVideoSoft Ltd.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\vzpxdbe4.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\vzpxdbe4.default\searchplugins\4c626cda-b015-4ea7-8185-fbdcf38c7362.xml [2014-10-31]
FF Extension: Segurança do navegador Avira - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\vzpxdbe4.default\Extensions\abs@avira.com [2015-04-05]
FF Extension: No Name - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\vzpxdbe4.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-10-25]
FF Extension: Adblock Plus - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\vzpxdbe4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-17]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-03-15]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-10-21]
FF HKLM-x32\...\Firefox\Extensions: [dnshelp@dnshelp.com] - C:\Users\Jürgen\AppData\Roaming\Helper
FF Extension: Helper - C:\Users\Jürgen\AppData\Roaming\Helper [2014-10-31]
FF HKU\S-1-5-21-590260112-762417108-2990454751-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-590260112-762417108-2990454751-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-10-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR Profile: C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2015-04-13]
CHR Extension: (Google Slides) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-22]
CHR Extension: (Google Docs) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-22]
CHR Extension: (Google Drive) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-22]
CHR Extension: (YouTube) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-22]
CHR Extension: (Adblock Plus) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-16]
CHR Extension: (Google Search) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-22]
CHR Extension: (Google Sheets) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-22]
CHR Extension: (Avira Browser Safety) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-22]
CHR Extension: (Bookmark Manager) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-22]
CHR Extension: (Amazon) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj [2015-01-26]
CHR Extension: (Gmail) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-22]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Jürgen\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-10-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AddonsHelper; C:\Users\Jürgen\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\3356edf7a88e475d88eac25e50bcafe7\AddonsHelper.exe [896512 2014-10-31] () [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-01-07] (Adobe Systems Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-01-28] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] ()
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.13\AsusFanControlService.exe [384000 2014-08-04] (ASUSTeK Computer Inc.) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-31] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-18] (Disc Soft Ltd)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-08-04] (ASUSTeK Computer Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
S3 cpuz134; \??\C:\Users\JRGEN~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 18:01 - 2015-04-20 18:01 - 00000000 ____D () C:\FRST
2015-04-20 17:59 - 2015-04-20 17:59 - 02098176 _____ (Farbar) C:\Users\Jürgen\Downloads\FRST64.exe
2015-04-20 17:58 - 2015-04-20 17:58 - 00000168 _____ () C:\Users\Jürgen\defogger_reenable
2015-04-20 15:59 - 2015-04-20 15:59 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-20 15:59 - 2015-04-20 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-20 15:59 - 2015-04-20 15:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-20 15:59 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-20 15:59 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-20 15:59 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-20 15:58 - 2015-04-20 15:58 - 01203488 _____ () C:\Users\Jürgen\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-04-20 15:33 - 2015-04-20 15:33 - 00001169 _____ () C:\Users\Jürgen\Desktop\Auslogics DiskDefrag.lnk
2015-04-20 15:33 - 2015-04-20 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-04-20 15:33 - 2015-04-20 15:33 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2015-04-20 15:32 - 2015-04-20 15:32 - 07213472 _____ (Auslogics Labs Pty Ltd ) C:\Users\Jürgen\Downloads\disk-defrag-setup.exe
2015-04-20 02:36 - 2015-04-20 02:36 - 00026231 _____ () C:\Users\Jürgen\AppData\Local\recently-used.xbel
2015-04-20 02:21 - 2015-04-20 02:21 - 00326669 _____ () C:\Users\Jürgen\Downloads\Channel Art Templates.zip
2015-04-20 01:44 - 2014-08-04 11:25 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2015-04-19 23:16 - 2015-04-19 23:16 - 64677920 _____ (DVDVideoSoft Ltd. ) C:\Users\Jürgen\Downloads\FreeStudio (1).exe
2015-04-19 23:15 - 2015-04-19 23:16 - 64677920 _____ (DVDVideoSoft Ltd. ) C:\Users\Jürgen\Downloads\FreeStudio.exe
2015-04-16 22:27 - 2015-04-16 22:27 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-04-16 22:27 - 2015-04-16 22:27 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2015-04-16 22:26 - 2015-04-16 22:26 - 00000779 _____ () C:\Users\Public\Desktop\Age of Empires 3 - The WarChiefs.lnk
2015-04-16 22:26 - 2015-04-16 22:26 - 00000779 _____ () C:\Users\Public\Desktop\Age of Empires 3 - The Asian Dynasties.lnk
2015-04-16 22:26 - 2015-04-16 22:26 - 00000776 _____ () C:\Users\Public\Desktop\Age of Empires 3.lnk
2015-04-16 22:26 - 2015-04-16 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Studios
2015-04-15 17:52 - 2015-04-15 17:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 17:52 - 2015-04-15 17:52 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 10:58 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 10:58 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 10:58 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 10:58 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 10:58 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 10:58 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 10:58 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 10:58 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 10:58 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 10:58 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 10:58 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 10:58 - 2015-01-28 01:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-15 10:57 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 10:57 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 10:57 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 10:57 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 10:57 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 10:57 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 10:57 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 10:57 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 10:57 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 10:57 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 10:57 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 10:57 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 10:57 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 10:57 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 10:57 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 10:57 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 10:57 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 10:57 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 10:57 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 10:57 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 10:57 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 10:57 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 10:57 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 10:57 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 10:57 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 10:57 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 10:57 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 10:57 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 10:57 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 10:57 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 10:57 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 10:57 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 10:57 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 10:57 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 10:57 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 10:57 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 10:57 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 10:57 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 10:57 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 10:57 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 10:57 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 10:57 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 10:57 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 10:57 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 10:57 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 10:57 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 10:57 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 10:57 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 10:57 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 10:57 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 10:57 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 10:57 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 10:57 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 10:57 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 10:57 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 10:57 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 10:57 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 10:57 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 10:57 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 10:57 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 10:57 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 10:57 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 10:57 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 10:57 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 10:57 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 10:57 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 10:57 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 10:57 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 10:57 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 10:57 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 10:57 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 10:57 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 10:57 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 10:57 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 10:57 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 10:57 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 10:57 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 10:57 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 10:57 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 10:57 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 10:57 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 10:57 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 10:57 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 10:57 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 10:57 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 10:57 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 10:57 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 10:57 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 10:57 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 10:57 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 10:57 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 10:57 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 10:57 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 10:57 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 10:57 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 10:57 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 10:57 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 10:57 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 10:57 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 10:57 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 10:57 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-12 23:28 - 2015-04-12 23:28 - 00001222 _____ () C:\Users\Jürgen\Desktop\Adobe After Effects CC 2014.lnk
2015-04-12 23:24 - 2015-04-12 23:24 - 00001222 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2014.lnk
2015-04-10 14:20 - 2015-04-10 14:20 - 00003184 _____ () C:\Windows\System32\Tasks\{8C9030C3-2F75-4CD1-953E-269020D7CAC5}
2015-04-06 16:05 - 2015-04-20 11:59 - 00001456 _____ () C:\Users\Jürgen\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2015-04-05 18:26 - 2015-04-05 18:26 - 00001255 _____ () C:\Users\Jürgen\Desktop\GoPro Importer.lnk
2015-04-05 00:01 - 2015-04-05 00:01 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 00:01 - 2015-04-05 00:01 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-03 13:39 - 2015-04-20 01:43 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\OBS
2015-04-03 13:39 - 2015-04-03 13:39 - 00000935 _____ () C:\Users\Jürgen\Desktop\Open Broadcaster Software.lnk
2015-04-03 13:39 - 2015-04-03 13:39 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-04-03 13:39 - 2015-04-03 13:39 - 00000000 ____D () C:\Program Files\OBS
2015-04-03 13:39 - 2015-04-03 13:39 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-03-31 18:35 - 2015-03-31 19:01 - 00000000 ____D () C:\Users\Jürgen\Documents\Outlook-Dateien
2015-03-28 16:41 - 2015-03-28 16:41 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Milestone
2015-03-28 16:17 - 2015-03-28 16:17 - 00000345 _____ () C:\Users\Public\Desktop\RIDE.lnk
2015-03-28 16:17 - 2015-03-28 16:17 - 00000345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIDE.lnk
2015-03-26 16:18 - 2015-03-26 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 17:58 - 2014-10-17 08:19 - 00000000 ____D () C:\Users\Jürgen
2015-04-20 17:55 - 2014-10-17 08:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-20 17:03 - 2015-01-22 11:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-20 15:32 - 2014-10-17 08:19 - 01369963 _____ () C:\Windows\WindowsUpdate.log
2015-04-20 15:29 - 2014-10-17 00:15 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\vlc
2015-04-20 15:19 - 2015-01-22 11:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-20 12:15 - 2015-01-26 18:14 - 00009728 _____ () C:\My3DGraph.grf
2015-04-20 12:15 - 2015-01-26 18:14 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-20 11:57 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-20 11:57 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-20 11:55 - 2009-07-14 07:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-20 11:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-20 02:37 - 2014-11-13 18:12 - 00000000 ____D () C:\Users\Jürgen\.gimp-2.8
2015-04-20 02:36 - 2014-11-13 18:14 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\gtk-2.0
2015-04-20 02:00 - 2014-10-17 08:30 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Adobe
2015-04-20 01:43 - 2014-10-17 00:16 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\MediaMonkey
2015-04-19 23:15 - 1601-01-01 02:00 - 34439568 _____ (DVDVideoSoft Ltd. ) C:\Users\Jürgen\Downloads\FreeYouTubeDownload.exe
2015-04-19 22:33 - 2014-10-17 18:22 - 00000869 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2015-04-19 22:00 - 2014-10-31 02:01 - 00000792 _____ () C:\Windows\Tasks\At1.job
2015-04-19 21:44 - 2015-03-09 03:27 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-04-19 20:29 - 2014-10-17 17:32 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\JDownloader v2.0
2015-04-18 02:34 - 2014-10-18 15:34 - 00000000 ____D () C:\Users\Jürgen\Documents\My Games
2015-04-18 00:21 - 2014-10-17 00:00 - 00000000 ____D () C:\Program Files (x86)\Trillian
2015-04-16 22:26 - 2014-10-24 23:44 - 00321452 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2015-04-16 22:26 - 2014-10-22 21:11 - 00323832 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2015-04-16 14:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 14:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 15:55 - 2014-10-17 08:30 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 15:55 - 2014-10-17 08:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 15:55 - 2014-10-17 08:30 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 11:30 - 2014-10-17 18:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 11:30 - 2014-10-17 08:34 - 00778744 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 11:29 - 2014-10-17 17:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 11:26 - 2014-10-17 17:15 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 11:26 - 2009-07-14 04:34 - 00000513 _____ () C:\Windows\win.ini
2015-04-13 10:12 - 2015-02-10 17:26 - 00071168 ___SH () C:\Users\Public\Thumbs.db
2015-04-13 08:44 - 2014-11-27 18:58 - 00001019 _____ () C:\Users\Jürgen\Desktop\Dropbox.lnk
2015-04-13 08:44 - 2014-11-27 18:56 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-13 08:44 - 2014-11-27 18:56 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Dropbox
2015-04-13 06:48 - 2010-11-21 05:47 - 00582402 _____ () C:\Windows\PFRO.log
2015-04-13 06:48 - 2009-07-14 06:45 - 05008576 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-12 23:28 - 2014-10-16 23:43 - 00086136 _____ () C:\Users\Jürgen\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-12 23:25 - 2014-10-16 23:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-12 23:24 - 2014-10-17 08:30 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Adobe
2015-04-12 23:20 - 2015-02-03 13:19 - 00000000 ____D () C:\Program Files\Adobe
2015-04-12 23:20 - 2015-02-03 11:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-04-10 14:20 - 2014-12-08 11:41 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-04-09 12:38 - 2014-12-19 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-09 12:38 - 2014-12-19 19:47 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-09 12:38 - 2014-10-16 23:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-08 04:25 - 2015-02-03 14:20 - 00000000 ____D () C:\Users\Jürgen\Documents\Adobe
2015-04-03 19:53 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-01 23:59 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-31 14:14 - 2015-01-21 15:03 - 00000405 _____ () C:\Windows\SysWOW64\debug.log
2015-03-26 16:18 - 2015-01-20 15:44 - 00001108 _____ () C:\Users\Jürgen\Desktop\GoPro Studio.lnk
2015-03-26 16:18 - 2015-01-20 15:44 - 00000000 ____D () C:\Program Files (x86)\GoPro
2015-03-26 16:18 - 2014-11-08 01:01 - 00026056 _____ () C:\Windows\DPINST.LOG
2015-03-25 19:03 - 2014-10-17 00:06 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-03-25 19:03 - 2014-10-17 00:06 - 00003127 _____ () C:\Windows\LkmdfCoInst.log
2015-03-23 15:59 - 2014-12-19 19:49 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Avira
2015-03-23 15:59 - 2014-12-19 19:47 - 00000000 ____D () C:\ProgramData\Avira

==================== Files in the root of some directories =======

2014-10-18 15:05 - 2014-10-18 15:05 - 0000287 _____ () C:\Users\Jürgen\AppData\Roaming\removeAllComponents.bat
2014-10-18 15:04 - 2014-10-18 15:04 - 0000135 _____ () C:\Users\Jürgen\AppData\Roaming\tmp_unregister.bat
2015-04-06 16:05 - 2015-04-20 11:59 - 0001456 _____ () C:\Users\Jürgen\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-10-18 17:27 - 2014-10-30 01:30 - 1065984 _____ () C:\Users\Jürgen\AppData\Local\file__0.localstorage
2015-04-20 02:36 - 2015-04-20 02:36 - 0026231 _____ () C:\Users\Jürgen\AppData\Local\recently-used.xbel
2014-10-16 23:48 - 2014-10-16 23:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-21 21:20 - 2014-10-21 21:26 - 0001300 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Users\Jürgen\AppData\Local\Temp\avgnt.exe
C:\Users\Jürgen\AppData\Local\Temp\proxy_vole7046132560386358656.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 13:25

==================== End Of Log ============================
         

Alt 20.04.2015, 18:54   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei - Standard

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei



hi,

Addition.txt fehlt noch
__________________

__________________

Alt 20.04.2015, 18:54   #3
w1zz4rd
 
Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei - Standard

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei



Zweiter Teil:


Addition.txt:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2015 01
Ran by Jürgen at 2015-04-20 18:02:00
Running from W:\Trojaner
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated)
Adobe Bridge CC (HKLM-x32\...\{B42E718A-AAE9-4C7D-8990-2AE4C4FE87DF}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Age of Empires III - Complete Collection (HKLM-x32\...\Age of Empires III - Complete Collection_is1) (Version:  - )
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 1.00.92 - ASUSTeK Computer Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.4.0.0 - Auslogics Labs Pty Ltd)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
B110 (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - )
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-590260112-762417108-2990454751-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.0.0.7072 - Thomson Reuters)
Eraser 6.2.0.2962 (HKLM\...\{C6E287F1-2E47-45F0-BB51-94F815CFFB48}) (Version: 6.2.2962 - The Eraser Project)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free Studio version 6.5.0.301 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.0.301 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoPro Studio 2.5.4 (HKLM-x32\...\GoPro Studio) (Version: 2.5.4 - GoPro, Inc.)
GoProCineFormDecoders 1.2.0 (HKLM-x32\...\GoProCineFormDecoders) (Version: 1.2.0 - CineForm, Inc & GoPro, Inc.)
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{014E482A-0C27-47E3-BA82-307E9DCA2F47}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HWiNFO64 Version 4.50 (HKLM\...\HWiNFO64_is1) (Version: 4.50 - Martin Malík - REALiX)
Intel(R) Chipset Device Software (x32 Version: 10.0.17 - Intel(R) Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech)
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.177 - Logitech Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MPC-HC 1.7.8 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.8 - MPC-HC Team)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin90 (HKLM-x32\...\{685A89CB-DF27-42D6-A623-34F40DBBFFB2}) (Version: 9.00.00 - OriginLab Corporation)
PS_AIO_07_B110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.87.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7354 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
RIDE (HKLM-x32\...\UklERQ==_is1) (Version: 1 - )
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Samsung SSD 840 EVO Performance Restoration (HKLM-x32\...\{B4B18E77-4C37-46F2-BC38-9451E65C9AEC}_is1) (Version: 1.0 - Samsung Electronics)
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SKTimeStamp (HKLM\...\{AAD52EF2-3EEB-489C-9F93-B0C1EC1D21A8}) (Version: 1.3.3 - Stefans Tools)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.1 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

15-04-2015 18:05:32 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-02-03 13:27 - 00008023 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 na2m-pr.licenses.adobe.com
127.0.0.1 na4r.services.adobe.com
127.0.0.1 ims-na1-prprod.adobelogin.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate.adobe.de
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns-5.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.de
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate-sjc0.adobe.de
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.de
127.0.0.1 activate.wip.adobe.com

There are 133 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16E9EBE1-E70D-4172-BBE0-4177F82F21BC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1C567221-1164-409F-90C3-7BAF0A4974FA} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {21EBC57C-CA88-4370-8077-3E7128259A5F} - System32\Tasks\ASUS\i-Setup213143 => C:\Windows\Intel_Chipset_Win7-8-8-1_V10016\AsusSetup.exe [2013-09-09] (ASUSTeK Computer Inc.)
Task: {2256BD5F-7B6B-4222-82BA-EA55507D5BD6} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {2B3C6B06-3F74-4E11-A9EC-1E39921472A9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {2B7772F4-4746-480D-92A3-DEC351A8DEFE} - System32\Tasks\AdobeAAMUpdater-1.0-Juergen-Jürgen => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {398B55C8-04CC-4E3B-B223-B630FDA16D67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-22] (Google Inc.)
Task: {47008A7D-CFBD-401D-83CF-0B652C4509FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-22] (Google Inc.)
Task: {65CF56DF-E590-4A12-ABBB-6D49EE960B7E} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2014-03-27] ()
Task: {73AFB716-D891-4133-8A45-A0FA71293DC7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {74DB6AB8-0F05-4DA9-A14D-4605C7715737} - System32\Tasks\ASUS\i-Setup221351 => C:\Windows\hotfix\AsusSetup.exe [2013-09-09] (ASUSTeK Computer Inc.)
Task: {74F94B87-D88C-4A8D-85B2-055741781E12} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {7A9A998E-F7A8-41A1-9EB9-1A569E464A04} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7EF32F49-D81A-46C1-AA58-86B92E5918B3} - System32\Tasks\At1 => net <==== ATTENTION
Task: {969B1E89-A2F0-4E36-93B5-A8D5A0DBF560} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2014-08-04] ()
Task: {9E173C3B-4FAC-4F91-9A27-E5C9D07EA700} - System32\Tasks\{8C9030C3-2F75-4CD1-953E-269020D7CAC5} => pcalua.exe -a "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\Uninstall.exe" -c -remove
Task: {9FA61605-04F4-4E25-BE2D-0FEB4C182358} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2014-09-11] (ASUSTeK Computer Inc.)
Task: {B70804D3-67F3-4717-9950-772B1392AA0D} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [2014-08-04] (TODO: <Company name>)
Task: {BA2F8CA6-B21B-4EA1-AA48-C50CBF3BE92E} - System32\Tasks\ASUS\i-Setup221148 => C:\Windows\Intel_Chipset_Win7-8-8-1_V10016\AsusSetup.exe [2013-09-09] (ASUSTeK Computer Inc.)
Task: {BA43CE06-489D-4C28-AE68-6C435B7F119D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {E970647F-791C-4FD6-96E8-44F3F1F95D71} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {FA89AB2E-85D5-4C4B-B384-464185B9EE5C} - System32\Tasks\ASUS\Push Notice Server Execute => C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe [2014-01-10] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\At1.job => joA net start AddonsHelper /ff /ie /ch /se /hp /nt /dns /seurl http /www firetab org/?type ds3se searchTerms /dnsurl http /www firetab org/?type ds3dns searchTerms /hpurl http /www firetab org/?type ds3hp /nturl http /www firetab org/?type ds3nt SYSTEM Created by NetScheduleJobAdd AxW 22
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-12-19 16:57 - 2014-12-19 16:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-10-18 12:57 - 2014-03-27 19:33 - 01430328 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2014-10-18 12:58 - 2014-08-04 20:21 - 01271096 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2014-10-31 02:01 - 2014-10-31 02:01 - 00896512 ____N () C:\Users\Jürgen\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\3356edf7a88e475d88eac25e50bcafe7\AddonsHelper.exe
2014-01-28 05:16 - 2014-01-28 05:16 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2014-09-18 09:23 - 2014-09-18 09:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-02-26 20:39 - 2015-02-26 20:39 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-02-26 20:39 - 2015-02-26 20:39 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-10-20 22:16 - 2014-04-24 08:29 - 01360016 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2014-10-18 12:58 - 2014-04-11 09:53 - 01045304 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
2014-10-18 12:58 - 2014-04-11 10:53 - 00037176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
2015-04-16 02:04 - 2015-04-13 23:48 - 01633608 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-16 02:04 - 2015-04-13 23:48 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2014-10-18 12:57 - 2014-09-09 11:14 - 00947512 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ASUSMiniBar.exe
2015-04-20 17:57 - 2015-04-20 17:57 - 00050477 _____ () W:\Trojaner\Defogger.exe
2014-10-18 12:57 - 2014-03-27 19:32 - 05778096 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2014-10-18 12:57 - 2014-02-24 17:49 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2014-10-18 12:57 - 2014-09-09 11:14 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Log4cxxWrapper.dll
2014-10-18 12:57 - 2014-09-09 11:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2014-10-18 12:58 - 2014-08-04 18:31 - 04239360 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2014-10-18 12:58 - 2014-08-04 18:25 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\Log4cxxWrapper.dll
2014-10-18 12:57 - 2014-02-25 16:53 - 01138176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2014-10-18 12:57 - 2014-09-09 11:14 - 00827392 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Version\Version.dll
2015-03-15 22:30 - 2014-08-04 11:25 - 00053248 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.20\Exeio.dll
2015-03-15 22:30 - 2014-08-04 11:25 - 00278528 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.20\Vender.dll
2014-10-18 12:57 - 2014-01-28 05:16 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2014-10-18 12:58 - 2014-08-04 18:25 - 00711680 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2014-10-18 12:58 - 2014-08-04 18:25 - 00856576 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2014-10-18 12:58 - 2014-08-04 18:25 - 00803840 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2014-10-18 12:58 - 2014-08-04 18:25 - 00807936 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2014-10-18 12:58 - 2014-08-04 18:25 - 00010240 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\IccHelper.dll
2014-10-18 12:57 - 2015-04-20 11:48 - 00034960 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2014-10-18 12:57 - 2014-01-28 05:16 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2014-10-18 12:58 - 2013-11-20 10:10 - 00662016 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\aaHMLib.dll
2014-10-18 12:58 - 2013-07-02 10:40 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\pngio.dll
2014-10-16 23:43 - 2014-09-28 18:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2014-10-18 12:58 - 2014-08-04 18:25 - 00743424 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\EPU.dll
2014-10-18 12:58 - 2014-08-04 18:25 - 00908288 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\FAN.dll
2014-10-18 12:58 - 2014-04-10 15:23 - 00643584 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMiniMsg.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:054203E4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-590260112-762417108-2990454751-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineForm Status.lnk => C:\Windows\pss\CineForm Status.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GoPro Importer.lnk => C:\Windows\pss\GoPro Importer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Eraser => "C:\Program Files\Eraser\Eraser.exe" /atRestart
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

==================== Accounts: =============================

Administrator (S-1-5-21-590260112-762417108-2990454751-500 - Administrator - Disabled)
Guest (S-1-5-21-590260112-762417108-2990454751-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-590260112-762417108-2990454751-1006 - Limited - Enabled)
Jürgen (S-1-5-21-590260112-762417108-2990454751-1000 - Administrator - Enabled) => C:\Users\Jürgen

==================== Faulty Device Manager Devices =============

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2015 00:47:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Adobe Premiere Pro.exe, version: 8.2.0.65, time stamp: 0x5486db4a
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b864
Exception code: 0xc0000005
Fault offset: 0x000000000004f8d6
Faulting process id: 0x14d8
Faulting application start time: 0xAdobe Premiere Pro.exe0
Faulting application path: Adobe Premiere Pro.exe1
Faulting module path: Adobe Premiere Pro.exe2
Report Id: Adobe Premiere Pro.exe3

Error: (04/20/2015 00:46:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Adobe Premiere Pro.exe, version: 8.2.0.65, time stamp: 0x5486db4a
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b864
Exception code: 0xc0000005
Fault offset: 0x000000000004f8d6
Faulting process id: 0x300
Faulting application start time: 0xAdobe Premiere Pro.exe0
Faulting application path: Adobe Premiere Pro.exe1
Faulting module path: Adobe Premiere Pro.exe2
Report Id: Adobe Premiere Pro.exe3

Error: (04/20/2015 00:43:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Adobe Premiere Pro.exe, version: 8.2.0.65, time stamp: 0x5486db4a
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b864
Exception code: 0xc0000005
Fault offset: 0x000000000004f8d6
Faulting process id: 0x1b38
Faulting application start time: 0xAdobe Premiere Pro.exe0
Faulting application path: Adobe Premiere Pro.exe1
Faulting module path: Adobe Premiere Pro.exe2
Report Id: Adobe Premiere Pro.exe3

Error: (04/20/2015 11:48:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2015 01:44:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2015 08:37:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2015 08:37:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsSysCtrlService.exe, version: 0.0.0.0, time stamp: 0x532bf8f2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xa28
Faulting application start time: 0xAsSysCtrlService.exe0
Faulting application path: AsSysCtrlService.exe1
Faulting module path: AsSysCtrlService.exe2
Report Id: AsSysCtrlService.exe3

Error: (04/19/2015 08:33:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000bce67
Faulting process id: 0x360
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (04/19/2015 00:40:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2015 09:36:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/20/2015 11:49:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/20/2015 01:44:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/19/2015 08:38:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/19/2015 00:41:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/19/2015 09:37:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/18/2015 11:01:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/17/2015 09:17:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/16/2015 11:53:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/15/2015 06:38:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/15/2015 05:54:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (04/20/2015 00:47:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Adobe Premiere Pro.exe8.2.0.655486db4antdll.dll6.1.7601.187985507b864c0000005000000000004f8d614d801d07b57521d44a6C:\Program Files\Adobe\Adobe Premiere Pro CC 2014\Adobe Premiere Pro.exeC:\Windows\SYSTEM32\ntdll.dlla45c705c-e74a-11e4-b459-7824af45e1ab

Error: (04/20/2015 00:46:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Adobe Premiere Pro.exe8.2.0.655486db4antdll.dll6.1.7601.187985507b864c0000005000000000004f8d630001d07b56e604a264C:\Program Files\Adobe\Adobe Premiere Pro CC 2014\Adobe Premiere Pro.exeC:\Windows\SYSTEM32\ntdll.dll7d2c6e98-e74a-11e4-b459-7824af45e1ab

Error: (04/20/2015 00:43:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Adobe Premiere Pro.exe8.2.0.655486db4antdll.dll6.1.7601.187985507b864c0000005000000000004f8d61b3801d07b510597cb07C:\Program Files\Adobe\Adobe Premiere Pro CC 2014\Adobe Premiere Pro.exeC:\Windows\SYSTEM32\ntdll.dll1a485908-e74a-11e4-b459-7824af45e1ab

Error: (04/20/2015 11:48:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2015 01:44:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2015 08:37:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2015 08:37:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AsSysCtrlService.exe0.0.0.0532bf8f2unknown0.0.0.000000000c000000500000000a2801d07a8d35fe9b64C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exeunknown1b93904e-e6c3-11e4-8797-7824af45e1ab

Error: (04/19/2015 08:33:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d6727a7unknown0.0.0.000000000c0000005000bce6736001d07acf56db21ecC:\Windows\SysWOW64\explorer.exeunknown9bbf93fe-e6c2-11e4-8797-7824af45e1ab

Error: (04/19/2015 00:40:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2015 09:36:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 44%
Total physical RAM: 8134.07 MB
Available physical RAM: 4520.91 MB
Total Pagefile: 16266.33 MB
Available Pagefile: 11741.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.88 GB) (Free:35.93 GB) NTFS
Drive d: (Spiele) (Fixed) (Total:113.78 GB) (Free:59.33 GB) NTFS
Drive s: (Seagate) (Fixed) (Total:232.88 GB) (Free:159.56 GB) NTFS
Drive w: (Western) (Fixed) (Total:931.51 GB) (Free:96.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BF1AB914)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2D4EF20A)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Defogger_disable.log:

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:14 on 20/04/2015 (Jürgen)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Gmer Error:





Vielen lieben Dank im Voraus!
__________________

Alt 21.04.2015, 11:33   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei - Standard

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei



Zitat:
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 na2m-pr.licenses.adobe.com
127.0.0.1 na4r.services.adobe.com
127.0.0.1 ims-na1-prprod.adobelogin.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate.adobe.de
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns-5.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.de
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate-sjc0.adobe.de
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.de
127.0.0.1 activate.wip.adobe.com
Erst mal bitte das gecrackte Adobe entfernen......
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.04.2015, 12:08   #5
w1zz4rd
 
Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei - Standard

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei



Erledigt bzw. nur die Überbleibsel in der Host datei rausgenommen die ich vergessen hab. (hab mir mittlerweile die Student Edition gegönnt da ichs mehr als einmal brauch)

neuer Scan?


Geändert von w1zz4rd (21.04.2015 um 12:34 Uhr)

Alt 22.04.2015, 08:22   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei - Standard

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei



Nö, passt schon

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei

Alt 22.04.2015, 11:34   #7
w1zz4rd
 
Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei - Standard

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei



Code:
ATTFilter
ComboFix 15-04-19.01 - Jürgen 22.04.2015  11:19:29.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8134.5535 [GMT 2:00]
Running from: c:\users\Jürgen\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jürgen\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\JRGEN~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((((((((((((   Files Created from 2015-03-22 to 2015-04-22  )))))))))))))))))))))))))))))))
.
.
2015-04-22 09:21 . 2015-04-22 09:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-04-22 09:09 . 2014-08-04 09:25	24824	----a-w-	c:\windows\system32\drivers\IOMap64.sys
2015-04-21 18:46 . 2015-04-21 18:46	--------	d-----w-	c:\programdata\BioWare
2015-04-21 09:17 . 2015-04-04 06:25	12032440	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8F219E7-9BCB-40BB-AD0C-00FF29BCB07C}\mpengine.dll
2015-04-21 09:17 . 2013-04-02 22:51	1643520	----a-w-	c:\windows\system32\DWrite.dll
2015-04-21 09:17 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2015-04-20 16:17 . 2015-04-21 11:44	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-20 16:01 . 2015-04-20 16:03	--------	d-----w-	C:\FRST
2015-04-20 13:59 . 2015-04-20 13:59	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-04-20 13:59 . 2015-04-14 07:37	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-04-20 13:59 . 2015-04-14 07:37	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-04-20 13:59 . 2015-04-14 07:37	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-04-20 13:33 . 2015-04-20 13:33	--------	d-----w-	c:\program files (x86)\Auslogics
2015-04-16 20:27 . 2015-04-16 20:27	--------	d-----w-	c:\programdata\Age of Empires 3
2015-04-15 15:52 . 2015-04-15 15:52	--------	d-s---w-	c:\windows\system32\CompatTel
2015-04-15 15:52 . 2015-04-15 15:52	--------	d-----w-	c:\windows\system32\appraiser
2015-04-15 08:57 . 2015-03-23 03:25	769536	----a-w-	c:\windows\system32\invagent.dll
2015-04-04 22:01 . 2015-04-04 22:01	--------	d-s---w-	c:\windows\system32\GWX
2015-04-04 22:01 . 2015-04-04 22:01	--------	d-s---w-	c:\windows\SysWow64\GWX
2015-04-03 11:39 . 2015-04-21 21:49	--------	d-----w-	c:\users\Jürgen\AppData\Roaming\OBS
2015-04-03 11:39 . 2015-04-03 11:39	--------	d-----w-	c:\program files\OBS
2015-04-03 11:39 . 2015-04-03 11:39	--------	d-----w-	c:\program files (x86)\OBS
2015-03-28 14:41 . 2015-03-28 14:41	--------	d-----w-	c:\users\Jürgen\AppData\Roaming\Milestone
2015-03-25 12:34 . 2015-03-25 12:34	18475704	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-21 09:24 . 2014-10-20 19:34	5132048	----a-w-	c:\windows\PE_Rom.dll
2015-04-15 13:55 . 2014-10-17 06:30	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 13:55 . 2014-10-17 06:30	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 09:26 . 2014-10-17 15:15	128913832	----a-w-	c:\windows\system32\MRT.exe
2015-03-25 17:03 . 2014-10-16 22:06	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2015-03-17 04:56 . 2015-04-15 08:57	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-03-15 20:34 . 2014-10-20 19:35	5197584	----a-w-	c:\windows\PE_File.dll
2015-02-26 03:25 . 2015-03-11 09:22	3204096	----a-w-	c:\windows\system32\win32k.sys
2015-02-24 02:17 . 2010-11-21 03:27	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-20 04:41 . 2015-03-11 09:22	41984	----a-w-	c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 09:22	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 09:22	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 09:22	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 09:22	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 09:22	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 09:22	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 09:22	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 09:22	372224	----a-w-	c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 09:22	299008	----a-w-	c:\windows\SysWow64\atmfd.dll
2015-02-17 14:26 . 2015-02-17 14:26	1217184	----a-w-	c:\windows\SysWow64\FM20.DLL
2015-02-13 05:22 . 2015-03-11 09:22	14177280	----a-w-	c:\windows\system32\shell32.dll
2015-02-12 11:07 . 2014-12-19 17:47	44088	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2015-02-12 11:07 . 2014-12-19 17:47	132120	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-02-12 11:07 . 2014-12-19 17:47	128536	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-02-04 10:23 . 2015-02-04 10:23	875688	----a-w-	c:\windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 10:13 . 2015-02-04 10:13	869536	----a-w-	c:\windows\system32\msvcr120_clr0400.dll
2015-02-04 03:16 . 2015-03-11 09:22	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-11 09:22	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-11 09:23	693176	----a-w-	c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-11 09:23	94656	----a-w-	c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:33 . 2015-03-11 09:23	616360	----a-w-	c:\windows\system32\winresume.efi
2015-02-03 03:31 . 2015-03-11 09:23	14632960	----a-w-	c:\windows\system32\wmp.dll
2015-02-03 03:31 . 2015-03-11 09:23	782848	----a-w-	c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:31 . 2015-03-11 09:23	229376	----a-w-	c:\windows\system32\wintrust.dll
2015-02-03 03:31 . 2015-03-11 09:22	1424896	----a-w-	c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:31 . 2015-03-11 09:22	215552	----a-w-	c:\windows\system32\ubpm.dll
2015-02-03 03:31 . 2015-03-11 09:23	5120	----a-w-	c:\windows\system32\msdxm.ocx
2015-02-03 03:31 . 2015-03-11 09:23	5120	----a-w-	c:\windows\system32\dxmasf.dll
2015-02-03 03:31 . 2015-03-11 09:23	63488	----a-w-	c:\windows\system32\setbcdlocale.dll
2015-02-03 03:31 . 2015-03-11 09:23	1574400	----a-w-	c:\windows\system32\quartz.dll
2015-02-03 03:31 . 2015-03-11 09:23	500224	----a-w-	c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:31 . 2015-03-11 09:23	371712	----a-w-	c:\windows\system32\qdvd.dll
2015-02-03 03:31 . 2015-03-11 09:23	188416	----a-w-	c:\windows\system32\pcasvc.dll
2015-02-03 03:31 . 2015-03-11 09:23	9728	----a-w-	c:\windows\system32\spwmp.dll
2015-02-03 03:31 . 2015-03-11 09:23	37376	----a-w-	c:\windows\system32\pcadm.dll
2015-02-03 03:31 . 2015-03-11 09:23	641024	----a-w-	c:\windows\system32\msscp.dll
2015-02-03 03:31 . 2015-03-11 09:23	325632	----a-w-	c:\windows\system32\msnetobj.dll
2015-02-03 03:31 . 2015-03-11 09:23	11264	----a-w-	c:\windows\system32\msmmsp.dll
2015-02-03 03:31 . 2015-03-11 09:23	432128	----a-w-	c:\windows\system32\mfplat.dll
2015-02-03 03:31 . 2015-03-11 09:23	4121600	----a-w-	c:\windows\system32\mf.dll
2015-02-03 03:31 . 2015-03-11 09:23	206848	----a-w-	c:\windows\system32\mfps.dll
2015-02-03 03:30 . 2015-03-11 09:23	631808	----a-w-	c:\windows\system32\evr.dll
2015-02-03 03:30 . 2015-03-11 09:23	284672	----a-w-	c:\windows\system32\EncDump.dll
2015-02-03 03:30 . 2015-03-11 09:23	1202176	----a-w-	c:\windows\system32\drmv2clt.dll
2015-02-03 03:30 . 2015-03-11 09:23	497664	----a-w-	c:\windows\system32\drmmgrtn.dll
2015-02-03 03:30 . 2015-03-11 09:23	82432	----a-w-	c:\windows\system32\cryptsp.dll
2015-02-03 03:30 . 2015-03-11 09:23	1480192	----a-w-	c:\windows\system32\crypt32.dll
2015-02-03 03:30 . 2015-03-11 09:23	1069056	----a-w-	c:\windows\system32\cryptui.dll
2015-02-03 03:30 . 2015-03-11 09:23	187904	----a-w-	c:\windows\system32\cryptsvc.dll
2015-02-03 03:30 . 2015-03-11 09:23	140288	----a-w-	c:\windows\system32\cryptnet.dll
2015-02-03 03:30 . 2015-03-11 09:23	842240	----a-w-	c:\windows\system32\blackbox.dll
2015-02-03 03:30 . 2015-03-11 09:23	680960	----a-w-	c:\windows\system32\audiosrv.dll
2015-02-03 03:30 . 2015-03-11 09:23	440832	----a-w-	c:\windows\system32\AudioEng.dll
2015-02-03 03:30 . 2015-03-11 09:23	296448	----a-w-	c:\windows\system32\AudioSes.dll
2015-02-03 03:30 . 2015-03-11 09:23	58880	----a-w-	c:\windows\system32\appidapi.dll
2015-02-03 03:30 . 2015-03-11 09:23	32256	----a-w-	c:\windows\system32\appidsvc.dll
2015-02-03 03:30 . 2015-03-11 09:23	55808	----a-w-	c:\windows\system32\rrinstaller.exe
2015-02-03 03:30 . 2015-03-11 09:23	9728	----a-w-	c:\windows\system32\pcalua.exe
2015-02-03 03:30 . 2015-03-11 09:23	11264	----a-w-	c:\windows\system32\pcawrk.exe
2015-02-03 03:30 . 2015-03-11 09:23	24576	----a-w-	c:\windows\system32\mfpmp.exe
2015-02-03 03:30 . 2015-03-11 09:23	17920	----a-w-	c:\windows\system32\appidcertstorecheck.exe
2015-02-03 03:30 . 2015-03-11 09:23	146944	----a-w-	c:\windows\system32\appidpolicyconverter.exe
2015-02-03 03:30 . 2015-03-11 09:23	126464	----a-w-	c:\windows\system32\audiodg.exe
2015-02-03 03:30 . 2015-03-11 09:23	12625920	----a-w-	c:\windows\system32\wmploc.DLL
2015-02-03 03:29 . 2015-03-11 09:23	8704	----a-w-	c:\windows\system32\pcaevts.dll
2015-02-03 03:28 . 2015-03-11 09:23	2048	----a-w-	c:\windows\system32\mferror.dll
2015-02-03 03:19 . 2015-03-11 09:23	663552	----a-w-	c:\windows\system32\drivers\PEAuth.sys
2015-02-03 03:12 . 2015-03-11 09:23	617984	----a-w-	c:\windows\SysWow64\wmdrmsdk.dll
2015-02-03 03:12 . 2015-03-11 09:23	179200	----a-w-	c:\windows\SysWow64\wintrust.dll
2015-02-03 03:12 . 2015-03-11 09:22	1230848	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2015-02-03 03:12 . 2015-03-11 09:22	171520	----a-w-	c:\windows\SysWow64\ubpm.dll
2015-02-03 03:12 . 2015-03-11 09:23	4096	----a-w-	c:\windows\SysWow64\msdxm.ocx
2015-02-03 03:12 . 2015-03-11 09:23	4096	----a-w-	c:\windows\SysWow64\dxmasf.dll
2015-02-03 03:12 . 2015-03-11 09:23	1329664	----a-w-	c:\windows\SysWow64\quartz.dll
2015-02-03 03:12 . 2015-03-11 09:23	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2015-02-03 03:12 . 2015-03-11 09:23	442880	----a-w-	c:\windows\SysWow64\AUDIOKSE.dll
2015-02-03 03:12 . 2015-03-11 09:23	8192	----a-w-	c:\windows\SysWow64\spwmp.dll
2015-02-03 03:12 . 2015-03-11 09:23	504320	----a-w-	c:\windows\SysWow64\msscp.dll
2015-02-03 03:12 . 2015-03-11 09:23	265216	----a-w-	c:\windows\SysWow64\msnetobj.dll
2015-02-03 03:12 . 2015-03-11 09:23	3209728	----a-w-	c:\windows\SysWow64\mf.dll
2015-02-03 03:12 . 2015-03-11 09:23	354816	----a-w-	c:\windows\SysWow64\mfplat.dll
2015-02-03 03:12 . 2015-03-11 09:23	103424	----a-w-	c:\windows\SysWow64\mfps.dll
2015-02-03 03:12 . 2015-03-11 09:23	489984	----a-w-	c:\windows\SysWow64\evr.dll
2015-02-03 03:12 . 2015-03-11 09:23	988160	----a-w-	c:\windows\SysWow64\drmv2clt.dll
2015-02-03 03:12 . 2015-03-11 09:23	406016	----a-w-	c:\windows\SysWow64\drmmgrtn.dll
2015-02-03 03:12 . 2015-03-11 09:23	81408	----a-w-	c:\windows\SysWow64\cryptsp.dll
2015-02-03 03:12 . 2015-03-11 09:23	1174528	----a-w-	c:\windows\SysWow64\crypt32.dll
2015-02-03 03:12 . 2015-03-11 09:23	1005056	----a-w-	c:\windows\SysWow64\cryptui.dll
2015-02-03 03:12 . 2015-03-11 09:23	143872	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2015-02-03 03:12 . 2015-03-11 09:23	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9B6B03F1-16CF-4491-BBBB-E872802DD717}]
2014-10-31 00:01	138752	----a-w-	c:\programdata\DNSErrorHelper\bho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-10-16 13:34	323752	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-03-31 726320]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-03-16 129272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GoPro Importer.lnk - c:\program files (x86)\GoPro\Tools\Importer\GoPro Importer.exe [2014-12-17 3169792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
R2 AddonsHelper;AddonsHelper;c:\users\Jürgen\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\3356edf7a88e475d88eac25e50bcafe7\AddonsHelper.exe;c:\users\Jürgen\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\3356edf7a88e475d88eac25e50bcafe7\AddonsHelper.exe [x]
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R3 CM_VENDER_CMD;CM_VENDER_CMD;c:\program files\Common Files\Logitech\G430Install\CMVC64.sys;c:\program files\Common Files\Logitech\G430Install\CMVC64.sys [x]
R3 cpuz134;cpuz134;c:\users\JRGEN~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\JRGEN~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe;d:\steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [x]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.06.13\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.06.13\AsusFanControlService.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-17 13:55]
.
2015-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-22 09:52]
.
2015-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-22 09:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-10-15 14:31	357376	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-09-29 7640944]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2014-05-19 3100440]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2015-02-26 13318424]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.firetab.org/?type=ds3nt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\JRGEN~1\AppData\Local\Temp\ie_script.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe
c:\program files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
c:\program files (x86)\ASUS\AI Suite III\AISuite3.exe
c:\program files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
c:\program files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
c:\program files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
c:\program files (x86)\avira\antivir desktop\ipmGui.exe
.
**************************************************************************
.
Completion time: 2015-04-22  11:23:41 - machine was rebooted
ComboFix-quarantined-files.txt  2015-04-22 09:23
.
Pre-Run: 60.456.861.696 bytes free
Post-Run: 60.046.192.640 bytes free
.
- - End Of File - - 54F7AEBDF4F76D56DB6952BB9828C1D1
A36C5E4F47E84449FF07ED3517B43A31
         
2 Fehlermeldungen: 1. nach Neustart 2. Nach Beenden des Scans




Alt 22.04.2015, 19:06   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei - Standard

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 22.04.2015, 20:02   #9
w1zz4rd
 
Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei - Standard

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei



mbam.txt
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 22.04.2015
Suchlauf-Zeit: 19:35:29
Logdatei: Malwarebytes_log2.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.22.05
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Jürgen

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 431237
Verstrichene Zeit: 6 Min, 47 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
AdwCleaner

Code:
ATTFilter
# AdwCleaner v4.201 - Logfile created 22/04/2015 at 19:44:16
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Local]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Jürgen - JUERGEN
# Running from : C:\Users\Jürgen\Desktop\AdwCleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : AddonsHelper

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\DNSErrorHelper
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files (x86)\Coupons
Folder Deleted : C:\Users\Jürgen\AppData\Roaming\DesktopIconForAmazon
Folder Deleted : C:\Users\Jürgen\AppData\Roaming\OCS
File Deleted : C:\Windows\Reimage.ini

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [dnshelp@dnshelp.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B6B03F1-16CF-4491-BBBB-E872802DD717}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B6B03F1-16CF-4491-BBBB-E872802DD717}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{721061FB-EB79-4568-A03C-3CE26D68DAE9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v


-\\ Google Chrome v42.0.2311.90


*************************

AdwCleaner[R0].txt - [1530 bytes] - [18/10/2014 15:05:19]
AdwCleaner[R1].txt - [4690 bytes] - [22/04/2015 19:43:40]
AdwCleaner[S0].txt - [1450 bytes] - [18/10/2014 15:06:28]
AdwCleaner[S1].txt - [4207 bytes] - [22/04/2015 19:44:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4266  bytes] ##########
         
JRT

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.0 (04.20.2015:1)
OS: Windows 7 Professional x64
Ran by Jrgen on 22.04.2015 at 19:47:02,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\NVIDIA Update Core Service



~~~ Files

Successfully deleted: [File] C:\Windows\couponprinter.ocx



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.04.2015 at 19:48:07,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015 01
Ran by Jürgen (administrator) on JUERGEN on 22-04-2015 19:49:04
Running from C:\Users\Jürgen\Desktop
Loaded Profiles: Jürgen (Available profiles: Jürgen)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.13\AsusFanControlService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7640944 2014-09-29] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-02-26] (Logitech Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2015-03-26]
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-590260112-762417108-2990454751-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-590260112-762417108-2990454751-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\vzpxdbe4.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\vzpxdbe4.default\searchplugins\4c626cda-b015-4ea7-8185-fbdcf38c7362.xml [2014-10-31]
FF Extension: Segurança do navegador Avira - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\vzpxdbe4.default\Extensions\abs@avira.com [2015-04-05]
FF Extension: No Name - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\vzpxdbe4.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-10-25]
FF Extension: Adblock Plus - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\vzpxdbe4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-17]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-03-15]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-10-21]
FF HKU\S-1-5-21-590260112-762417108-2990454751-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-590260112-762417108-2990454751-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-10-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR Profile: C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2015-04-13]
CHR Extension: (Google Slides) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-22]
CHR Extension: (Google Docs) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-22]
CHR Extension: (Google Drive) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-22]
CHR Extension: (YouTube) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-22]
CHR Extension: (Adblock Plus) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-16]
CHR Extension: (Google Search) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-22]
CHR Extension: (Google Sheets) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-22]
CHR Extension: (Avira Browser Safety) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-22]
CHR Extension: (Bookmark Manager) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-22]
CHR Extension: (Amazon) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj [2015-01-26]
CHR Extension: (Gmail) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-22]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Jürgen\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-10-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-01-28] (ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] ()
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.13\AsusFanControlService.exe [384000 2014-08-04] (ASUSTeK Computer Inc.) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 DAUpdaterSvc; D:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2015-04-21] (BioWare)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-31] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-18] (Disc Soft Ltd)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-08-04] (ASUSTeK Computer Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\JRGEN~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 19:49 - 2015-04-22 19:49 - 00020008 _____ () C:\Users\Jürgen\Desktop\FRST.txt
2015-04-22 19:47 - 2015-04-22 19:47 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JUERGEN-Windows-7-Professional-(64-bit).dat
2015-04-22 19:47 - 2015-04-22 19:47 - 00000000 ____D () C:\RegBackup
2015-04-22 19:34 - 2015-04-22 19:34 - 02685507 _____ (Thisisu) C:\Users\Jürgen\Desktop\JRT.exe
2015-04-22 19:34 - 2015-04-22 19:34 - 02217984 _____ () C:\Users\Jürgen\Desktop\AdwCleaner_4.201.exe
2015-04-22 19:31 - 2015-04-22 19:31 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-22 19:30 - 2015-04-22 19:30 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-22 19:30 - 2015-04-22 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-22 19:30 - 2015-04-22 19:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-22 19:30 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-22 19:30 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-22 19:30 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-22 19:28 - 2015-04-22 19:28 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Jürgen\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-22 13:49 - 2015-04-22 13:49 - 04636584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Jürgen\Downloads\avira_de_av_55378ab3b7d4a__ws.exe
2015-04-22 13:25 - 2015-04-22 13:25 - 00029238 _____ () C:\Users\Jürgen\AppData\Local\recently-used.xbel
2015-04-22 11:41 - 2014-08-04 11:25 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2015-04-22 11:23 - 2015-04-22 11:23 - 00034242 _____ () C:\ComboFix.txt
2015-04-22 11:18 - 2015-04-22 11:23 - 00000000 ____D () C:\ComboFix
2015-04-22 11:13 - 2015-04-22 11:23 - 00000000 ____D () C:\Windows\erdnt
2015-04-22 11:13 - 2015-04-22 11:23 - 00000000 ____D () C:\Qoobox
2015-04-22 11:13 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-22 11:13 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-22 11:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-22 11:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-22 11:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-22 11:13 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-22 11:13 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-22 11:13 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-22 11:12 - 2015-04-22 11:11 - 05619466 ____R (Swearware) C:\Users\Jürgen\Desktop\ComboFix.exe
2015-04-22 11:11 - 2015-04-22 11:11 - 05619466 _____ (Swearware) C:\Users\Jürgen\Downloads\ComboFix.exe
2015-04-21 20:46 - 2015-04-21 20:46 - 00000000 ____D () C:\ProgramData\BioWare
2015-04-21 20:40 - 2015-04-21 20:40 - 00007820 _____ () C:\Users\Jürgen\Documents\DAO Ultimate Addins Updater.log
2015-04-21 20:40 - 2015-04-21 20:40 - 00000000 ____D () C:\Users\Jürgen\Documents\BioWare
2015-04-21 11:17 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-04-21 11:17 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-04-20 18:12 - 2015-04-22 19:44 - 00001848 _____ () C:\Windows\setupact.log
2015-04-20 18:12 - 2015-04-20 18:12 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-20 18:02 - 2015-04-20 18:02 - 00380416 _____ () C:\Users\Jürgen\Downloads\Gmer-19357.exe
2015-04-20 18:01 - 2015-04-22 19:49 - 00000000 ____D () C:\FRST
2015-04-20 17:59 - 2015-04-20 17:59 - 02098176 _____ (Farbar) C:\Users\Jürgen\Downloads\FRST64.exe
2015-04-20 17:59 - 2015-04-20 17:59 - 02098176 _____ (Farbar) C:\Users\Jürgen\Desktop\FRST64.exe
2015-04-20 17:58 - 2015-04-20 17:58 - 00000168 _____ () C:\Users\Jürgen\defogger_reenable
2015-04-20 15:58 - 2015-04-20 15:58 - 01203488 _____ () C:\Users\Jürgen\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-04-20 15:33 - 2015-04-20 15:33 - 00001169 _____ () C:\Users\Jürgen\Desktop\Auslogics DiskDefrag.lnk
2015-04-20 15:33 - 2015-04-20 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-04-20 15:33 - 2015-04-20 15:33 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2015-04-20 15:32 - 2015-04-20 15:32 - 07213472 _____ (Auslogics Labs Pty Ltd ) C:\Users\Jürgen\Downloads\disk-defrag-setup.exe
2015-04-20 02:21 - 2015-04-20 02:21 - 00326669 _____ () C:\Users\Jürgen\Downloads\Channel Art Templates.zip
2015-04-19 23:16 - 2015-04-19 23:16 - 64677920 _____ (DVDVideoSoft Ltd. ) C:\Users\Jürgen\Downloads\FreeStudio (1).exe
2015-04-19 23:15 - 2015-04-19 23:16 - 64677920 _____ (DVDVideoSoft Ltd. ) C:\Users\Jürgen\Downloads\FreeStudio.exe
2015-04-16 22:27 - 2015-04-16 22:27 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-04-16 22:27 - 2015-04-16 22:27 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2015-04-15 17:52 - 2015-04-15 17:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 17:52 - 2015-04-15 17:52 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 10:58 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 10:58 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 10:58 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 10:58 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 10:58 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 10:58 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 10:58 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 10:58 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 10:58 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 10:58 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 10:58 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 10:58 - 2015-01-28 01:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-15 10:57 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 10:57 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 10:57 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 10:57 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 10:57 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 10:57 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 10:57 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 10:57 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 10:57 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 10:57 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 10:57 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 10:57 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 10:57 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 10:57 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 10:57 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 10:57 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 10:57 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 10:57 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 10:57 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 10:57 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 10:57 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 10:57 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 10:57 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 10:57 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 10:57 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 10:57 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 10:57 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 10:57 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 10:57 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 10:57 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 10:57 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 10:57 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 10:57 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 10:57 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 10:57 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 10:57 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 10:57 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 10:57 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 10:57 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 10:57 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 10:57 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 10:57 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 10:57 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 10:57 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 10:57 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 10:57 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 10:57 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 10:57 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 10:57 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 10:57 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 10:57 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 10:57 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 10:57 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 10:57 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 10:57 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 10:57 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 10:57 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 10:57 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 10:57 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 10:57 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 10:57 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 10:57 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 10:57 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 10:57 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 10:57 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 10:57 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 10:57 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 10:57 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 10:57 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 10:57 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 10:57 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 10:57 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 10:57 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 10:57 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 10:57 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 10:57 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 10:57 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 10:57 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 10:57 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 10:57 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 10:57 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 10:57 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 10:57 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 10:57 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 10:57 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 10:57 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 10:57 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 10:57 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 10:57 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 10:57 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 10:57 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 10:57 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 10:57 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 10:57 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 10:57 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 10:57 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 10:57 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 10:57 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 10:57 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 10:57 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 10:57 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-10 14:20 - 2015-04-10 14:20 - 00003184 _____ () C:\Windows\System32\Tasks\{8C9030C3-2F75-4CD1-953E-269020D7CAC5}
2015-04-06 16:05 - 2015-04-20 11:59 - 00001456 _____ () C:\Users\Jürgen\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2015-04-05 18:26 - 2015-04-05 18:26 - 00001255 _____ () C:\Users\Jürgen\Desktop\GoPro Importer.lnk
2015-04-05 00:01 - 2015-04-05 00:01 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 00:01 - 2015-04-05 00:01 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-03 13:39 - 2015-04-22 19:28 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\OBS
2015-04-03 13:39 - 2015-04-03 13:39 - 00000935 _____ () C:\Users\Jürgen\Desktop\Open Broadcaster Software.lnk
2015-04-03 13:39 - 2015-04-03 13:39 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-04-03 13:39 - 2015-04-03 13:39 - 00000000 ____D () C:\Program Files\OBS
2015-04-03 13:39 - 2015-04-03 13:39 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-03-31 18:35 - 2015-03-31 19:01 - 00000000 ____D () C:\Users\Jürgen\Documents\Outlook-Dateien
2015-03-28 16:41 - 2015-03-28 16:41 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Milestone
2015-03-26 16:18 - 2015-03-26 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 19:48 - 2014-10-17 08:19 - 01551515 _____ () C:\Windows\WindowsUpdate.log
2015-04-22 19:47 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-22 19:47 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-22 19:45 - 2015-01-22 11:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-22 19:44 - 2014-10-18 15:04 - 00000000 ____D () C:\AdwCleaner
2015-04-22 19:44 - 2010-11-21 05:47 - 00584382 _____ () C:\Windows\PFRO.log
2015-04-22 19:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-22 19:03 - 2015-01-22 11:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-22 18:55 - 2014-10-17 08:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-22 13:45 - 2014-11-13 18:12 - 00000000 ____D () C:\Users\Jürgen\.gimp-2.8
2015-04-22 12:54 - 2014-11-13 18:14 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\gtk-2.0
2015-04-22 11:47 - 2009-07-14 07:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-22 11:23 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-22 11:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-22 00:41 - 2014-10-17 00:15 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\vlc
2015-04-21 22:31 - 2011-04-12 10:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-04-21 20:43 - 2014-10-17 00:16 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\MediaMonkey
2015-04-21 20:40 - 2014-10-18 14:59 - 00325279 _____ () C:\Windows\DirectX.log
2015-04-21 16:51 - 2014-11-27 18:56 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Dropbox
2015-04-21 16:30 - 2014-10-17 17:32 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\JDownloader v2.0
2015-04-21 12:20 - 2014-10-16 23:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-21 12:18 - 2014-10-16 23:41 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-21 12:13 - 2015-02-03 11:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-04-21 12:12 - 2015-02-03 13:19 - 00000000 ____D () C:\Program Files\Adobe
2015-04-21 11:24 - 2014-10-20 21:34 - 05132048 _____ () C:\Windows\PE_Rom.dll
2015-04-21 11:13 - 2014-10-17 08:30 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Adobe
2015-04-21 00:28 - 2015-03-09 03:27 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-04-20 22:57 - 2015-01-26 18:14 - 00009216 _____ () C:\My3DGraph.grf
2015-04-20 22:57 - 2015-01-26 18:14 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-20 17:58 - 2014-10-17 08:19 - 00000000 ____D () C:\Users\Jürgen
2015-04-19 23:15 - 1601-01-01 02:00 - 34439568 _____ (DVDVideoSoft Ltd. ) C:\Users\Jürgen\Downloads\FreeYouTubeDownload.exe
2015-04-19 22:33 - 2014-10-17 18:22 - 00000869 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2015-04-18 02:34 - 2014-10-18 15:34 - 00000000 ____D () C:\Users\Jürgen\Documents\My Games
2015-04-18 00:21 - 2014-10-17 00:00 - 00000000 ____D () C:\Program Files (x86)\Trillian
2015-04-16 22:26 - 2014-10-24 23:44 - 00321452 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2015-04-16 22:26 - 2014-10-22 21:11 - 00323832 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2015-04-16 14:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 14:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 15:55 - 2014-10-17 08:30 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 15:55 - 2014-10-17 08:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 15:55 - 2014-10-17 08:30 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 11:30 - 2014-10-17 18:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 11:30 - 2014-10-17 08:34 - 00778744 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 11:29 - 2014-10-17 17:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 11:26 - 2014-10-17 17:15 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 11:26 - 2009-07-14 04:34 - 00000513 _____ () C:\Windows\win.ini
2015-04-13 10:12 - 2015-02-10 17:26 - 00071168 ___SH () C:\Users\Public\Thumbs.db
2015-04-13 08:44 - 2014-11-27 18:58 - 00001019 _____ () C:\Users\Jürgen\Desktop\Dropbox.lnk
2015-04-13 08:44 - 2014-11-27 18:56 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-13 06:48 - 2009-07-14 06:45 - 05008576 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-12 23:28 - 2014-10-16 23:43 - 00086136 _____ () C:\Users\Jürgen\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-12 23:24 - 2014-10-17 08:30 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Adobe
2015-04-10 14:20 - 2014-12-08 11:41 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-04-09 12:38 - 2014-12-19 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-09 12:38 - 2014-12-19 19:47 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-09 12:38 - 2014-10-16 23:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-08 04:25 - 2015-02-03 14:20 - 00000000 ____D () C:\Users\Jürgen\Documents\Adobe
2015-04-03 19:53 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-01 23:59 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-26 16:18 - 2015-01-20 15:44 - 00001108 _____ () C:\Users\Jürgen\Desktop\GoPro Studio.lnk
2015-03-26 16:18 - 2015-01-20 15:44 - 00000000 ____D () C:\Program Files (x86)\GoPro
2015-03-26 16:18 - 2014-11-08 01:01 - 00026056 _____ () C:\Windows\DPINST.LOG
2015-03-25 19:03 - 2014-10-17 00:06 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-03-25 19:03 - 2014-10-17 00:06 - 00003127 _____ () C:\Windows\LkmdfCoInst.log
2015-03-23 15:59 - 2014-12-19 19:49 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Avira
2015-03-23 15:59 - 2014-12-19 19:47 - 00000000 ____D () C:\ProgramData\Avira

==================== Files in the root of some directories =======

2014-10-18 15:05 - 2014-10-18 15:05 - 0000287 _____ () C:\Users\Jürgen\AppData\Roaming\removeAllComponents.bat
2014-10-18 15:04 - 2014-10-18 15:04 - 0000135 _____ () C:\Users\Jürgen\AppData\Roaming\tmp_unregister.bat
2015-04-06 16:05 - 2015-04-20 11:59 - 0001456 _____ () C:\Users\Jürgen\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-10-18 17:27 - 2014-10-30 01:30 - 1065984 _____ () C:\Users\Jürgen\AppData\Local\file__0.localstorage
2015-04-22 13:25 - 2015-04-22 13:25 - 0029238 _____ () C:\Users\Jürgen\AppData\Local\recently-used.xbel
2014-10-16 23:48 - 2014-10-16 23:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-21 21:20 - 2014-10-21 21:26 - 0001300 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Jürgen\AppData\Local\Temp\avgnt.exe
C:\Users\Jürgen\AppData\Local\Temp\Quarantine.exe
C:\Users\Jürgen\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 13:25

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2015 01
Ran by Jürgen at 2015-04-22 19:49:24
Running from C:\Users\Jürgen\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 1.00.92 - ASUSTeK Computer Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.4.0.0 - Auslogics Labs Pty Ltd)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
B110 (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Dropbox (HKU\S-1-5-21-590260112-762417108-2990454751-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.0.0.7072 - Thomson Reuters)
Eraser 6.2.0.2962 (HKLM\...\{C6E287F1-2E47-45F0-BB51-94F815CFFB48}) (Version: 6.2.2962 - The Eraser Project)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free Studio version 6.5.0.301 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.0.301 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoPro Studio 2.5.4 (HKLM-x32\...\GoPro Studio) (Version: 2.5.4 - GoPro, Inc.)
GoProCineFormDecoders 1.2.0 (HKLM-x32\...\GoProCineFormDecoders) (Version: 1.2.0 - CineForm, Inc & GoPro, Inc.)
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{014E482A-0C27-47E3-BA82-307E9DCA2F47}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HWiNFO64 Version 4.50 (HKLM\...\HWiNFO64_is1) (Version: 4.50 - Martin Malík - REALiX)
Intel(R) Chipset Device Software (x32 Version: 10.0.17 - Intel(R) Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech)
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.177 - Logitech Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MPC-HC 1.7.8 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.8 - MPC-HC Team)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin90 (HKLM-x32\...\{685A89CB-DF27-42D6-A623-34F40DBBFFB2}) (Version: 9.00.00 - OriginLab Corporation)
PS_AIO_07_B110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.87.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7354 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Samsung SSD 840 EVO Performance Restoration (HKLM-x32\...\{B4B18E77-4C37-46F2-BC38-9451E65C9AEC}_is1) (Version: 1.0 - Samsung Electronics)
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SKTimeStamp (HKLM\...\{AAD52EF2-3EEB-489C-9F93-B0C1EC1D21A8}) (Version: 1.3.3 - Stefans Tools)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.1 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

20-04-2015 22:10:11 Windows Update
21-04-2015 11:24:54 Windows Update
21-04-2015 12:18:26 Removed Adobe Photoshop Lightroom 5.7.1 64-bit.
21-04-2015 20:39:57 Installed DirectX
21-04-2015 20:40:12 Installed Microsoft Visual C++ 2005 Redistributable
22-04-2015 00:26:25 Removed Rosetta Stone TOTALe
22-04-2015 00:26:35 Removed Rosetta Stone Ltd Services

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-22 11:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16E9EBE1-E70D-4172-BBE0-4177F82F21BC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1C567221-1164-409F-90C3-7BAF0A4974FA} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {21EBC57C-CA88-4370-8077-3E7128259A5F} - System32\Tasks\ASUS\i-Setup213143 => C:\Windows\Intel_Chipset_Win7-8-8-1_V10016\AsusSetup.exe [2013-09-09] (ASUSTeK Computer Inc.)
Task: {2256BD5F-7B6B-4222-82BA-EA55507D5BD6} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {2B3C6B06-3F74-4E11-A9EC-1E39921472A9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {398B55C8-04CC-4E3B-B223-B630FDA16D67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-22] (Google Inc.)
Task: {47008A7D-CFBD-401D-83CF-0B652C4509FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-22] (Google Inc.)
Task: {65CF56DF-E590-4A12-ABBB-6D49EE960B7E} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2014-03-27] ()
Task: {73AFB716-D891-4133-8A45-A0FA71293DC7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {74DB6AB8-0F05-4DA9-A14D-4605C7715737} - System32\Tasks\ASUS\i-Setup221351 => C:\Windows\hotfix\AsusSetup.exe [2013-09-09] (ASUSTeK Computer Inc.)
Task: {74F94B87-D88C-4A8D-85B2-055741781E12} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {7A9A998E-F7A8-41A1-9EB9-1A569E464A04} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {969B1E89-A2F0-4E36-93B5-A8D5A0DBF560} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2014-08-04] ()
Task: {9E173C3B-4FAC-4F91-9A27-E5C9D07EA700} - System32\Tasks\{8C9030C3-2F75-4CD1-953E-269020D7CAC5} => pcalua.exe -a "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\Uninstall.exe" -c -remove
Task: {9FA61605-04F4-4E25-BE2D-0FEB4C182358} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2014-09-11] (ASUSTeK Computer Inc.)
Task: {B70804D3-67F3-4717-9950-772B1392AA0D} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [2014-08-04] (TODO: <Company name>)
Task: {BA2F8CA6-B21B-4EA1-AA48-C50CBF3BE92E} - System32\Tasks\ASUS\i-Setup221148 => C:\Windows\Intel_Chipset_Win7-8-8-1_V10016\AsusSetup.exe [2013-09-09] (ASUSTeK Computer Inc.)
Task: {BA43CE06-489D-4C28-AE68-6C435B7F119D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {E970647F-791C-4FD6-96E8-44F3F1F95D71} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {FA89AB2E-85D5-4C4B-B384-464185B9EE5C} - System32\Tasks\ASUS\Push Notice Server Execute => C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe [2014-01-10] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-10-18 12:57 - 2014-09-09 11:14 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Log4cxxWrapper.dll
2014-10-18 12:57 - 2014-09-09 11:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2014-10-18 12:58 - 2014-08-04 18:31 - 04239360 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2014-10-18 12:58 - 2014-08-04 18:25 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\Log4cxxWrapper.dll
2014-10-18 12:57 - 2014-02-25 16:53 - 01138176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2014-10-18 12:57 - 2014-09-09 11:14 - 00827392 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Version\Version.dll
2015-03-15 22:30 - 2014-08-04 11:25 - 00053248 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.20\Exeio.dll
2015-03-15 22:30 - 2014-08-04 11:25 - 00278528 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.20\Vender.dll
2014-10-18 12:57 - 2014-01-28 05:16 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:054203E4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-590260112-762417108-2990454751-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineForm Status.lnk => C:\Windows\pss\CineForm Status.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GoPro Importer.lnk => C:\Windows\pss\GoPro Importer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Eraser => "C:\Program Files\Eraser\Eraser.exe" /atRestart
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

==================== Accounts: =============================

Administrator (S-1-5-21-590260112-762417108-2990454751-500 - Administrator - Disabled)
Guest (S-1-5-21-590260112-762417108-2990454751-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-590260112-762417108-2990454751-1006 - Limited - Enabled)
Jürgen (S-1-5-21-590260112-762417108-2990454751-1000 - Administrator - Enabled) => C:\Users\Jürgen

==================== Faulty Device Manager Devices =============

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2015 07:44:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2015 02:41:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DAOrigins.exe, version: 1.5.13263.0, time stamp: 0x4eb19d53
Faulting module name: DAOrigins.exe, version: 1.5.13263.0, time stamp: 0x4eb19d53
Exception code: 0xc0000005
Fault offset: 0x00470057
Faulting process id: 0xea8
Faulting application start time: 0xDAOrigins.exe0
Faulting application path: DAOrigins.exe1
Faulting module path: DAOrigins.exe2
Report Id: DAOrigins.exe3

Error: (04/22/2015 02:26:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DAOrigins.exe, version: 1.5.13263.0, time stamp: 0x4eb19d53
Faulting module name: DAOrigins.exe, version: 1.5.13263.0, time stamp: 0x4eb19d53
Exception code: 0xc0000005
Fault offset: 0x004697be
Faulting process id: 0x1bec
Faulting application start time: 0xDAOrigins.exe0
Faulting application path: DAOrigins.exe1
Faulting module path: DAOrigins.exe2
Report Id: DAOrigins.exe3

Error: (04/22/2015 11:40:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2015 11:22:44 AM) (Source: Avira Antivirus) (EventID: 4122) (User: NT AUTHORITY)
Description: Die Datei AvShadow konnte nicht geladen werden. 
Fehlercode: 0x3fa

Error: (04/22/2015 11:22:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2015 11:09:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2015 00:26:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Eraser.exe, version: 6.2.0.2962, time stamp: 0x54b418b5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b87a
Exception code: 0xe0434352
Fault offset: 0x000000000001aaad
Faulting process id: 0x1590
Faulting application start time: 0xEraser.exe0
Faulting application path: Eraser.exe1
Faulting module path: Eraser.exe2
Report Id: Eraser.exe3

Error: (04/22/2015 00:26:58 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Eraser.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
   at System.Collections.Generic.List`1+Enumerator[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].MoveNextRare()
   at Eraser.SchedulerPanel..ctor()
   at Eraser.MainForm..ctor()
   at Eraser.Program.OnGUIInitInstance(System.Object, InitInstanceEventArgs)
   at Eraser.Program+GuiProgram.Run()
   at Eraser.Program.GUIMain(System.String[])
   at Eraser.Program.Main(System.String[])

Error: (04/22/2015 00:26:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Eraser.exe, version: 6.2.0.2962, time stamp: 0x54b418b5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b87a
Exception code: 0xe0434352
Fault offset: 0x000000000001aaad
Faulting process id: 0x1b4c
Faulting application start time: 0xEraser.exe0
Faulting application path: Eraser.exe1
Faulting module path: Eraser.exe2
Report Id: Eraser.exe3


System errors:
=============
Error: (04/22/2015 07:49:16 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Software Protection service, but this action failed with the following error: 
%%1056

Error: (04/22/2015 07:47:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/22/2015 07:47:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/22/2015 07:47:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Integrated Clock Controller Service - Intel(R) ICCS service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/22/2015 07:47:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/22/2015 07:47:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/22/2015 07:47:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/22/2015 07:47:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dienst "Bonjour" service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/22/2015 07:47:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASUS System Control Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/22/2015 07:47:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASUS Com Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (04/22/2015 07:44:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2015 02:41:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DAOrigins.exe1.5.13263.04eb19d53DAOrigins.exe1.5.13263.04eb19d53c000000500470057ea801d07cf78e4dfa62D:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAOrigins.exeD:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAOrigins.exee6a84c70-e8ec-11e4-a423-7824af45e1ab

Error: (04/22/2015 02:26:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DAOrigins.exe1.5.13263.04eb19d53DAOrigins.exe1.5.13263.04eb19d53c0000005004697be1bec01d07cf57dd4900dD:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAOrigins.exeD:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAOrigins.exec423a188-e8ea-11e4-a423-7824af45e1ab

Error: (04/22/2015 11:40:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2015 11:22:44 AM) (Source: Avira Antivirus) (EventID: 4122) (User: NT AUTHORITY)
Description: AvShadow0x3fa

Error: (04/22/2015 11:22:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2015 11:09:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2015 00:26:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Eraser.exe6.2.0.296254b418b5KERNELBASE.dll6.1.7601.187985507b87ae0434352000000000001aaad159001d07c8247ad3486C:\Program Files\Eraser\Eraser.exeC:\Windows\system32\KERNELBASE.dll859c65ee-e875-11e4-9849-7824af45e1ab

Error: (04/22/2015 00:26:58 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Eraser.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
   at System.Collections.Generic.List`1+Enumerator[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].MoveNextRare()
   at Eraser.SchedulerPanel..ctor()
   at Eraser.MainForm..ctor()
   at Eraser.Program.OnGUIInitInstance(System.Object, InitInstanceEventArgs)
   at Eraser.Program+GuiProgram.Run()
   at Eraser.Program.GUIMain(System.String[])
   at Eraser.Program.Main(System.String[])

Error: (04/22/2015 00:26:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Eraser.exe6.2.0.296254b418b5KERNELBASE.dll6.1.7601.187985507b87ae0434352000000000001aaad1b4c01d07c824136d828C:\Program Files\Eraser\Eraser.exeC:\Windows\system32\KERNELBASE.dll7fdaf225-e875-11e4-9849-7824af45e1ab


CodeIntegrity Errors:
===================================
  Date: 2015-04-22 11:21:39.573
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-22 11:21:39.557
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 30%
Total physical RAM: 8134.07 MB
Available physical RAM: 5668.77 MB
Total Pagefile: 16266.33 MB
Available Pagefile: 13958.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.88 GB) (Free:55.16 GB) NTFS
Drive d: (Spiele) (Fixed) (Total:113.78 GB) (Free:62.96 GB) NTFS
Drive s: (Seagate) (Fixed) (Total:232.88 GB) (Free:146.88 GB) NTFS
Drive w: (Western) (Fixed) (Total:931.51 GB) (Free:148.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BF1AB914)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2D4EF20A)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 23.04.2015, 14:45   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei - Standard

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.04.2015, 11:27   #11
w1zz4rd
 
Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei - Standard

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei



ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=115587c1416ebf42b157e9d36883c7a2
# engine=23528
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-23 05:40:29
# local_time=2015-04-23 07:40:29 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 200302 181440679 0 0
# scanned=334
# found=0
# cleaned=0
# scan_time=13
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=115587c1416ebf42b157e9d36883c7a2
# engine=23528
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-23 06:18:13
# local_time=2015-04-23 08:18:13 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 202566 181442943 0 0
# scanned=465182
# found=3
# cleaned=0
# scan_time=2155
sh=89756626B505B20424695A2ACFA5042D93D166F9 ft=1 fh=0ab825c614dbe0e0 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jürgen\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe"
sh=E750C443A83F9B135B499E7917C5A93120384BB3 ft=1 fh=4eedbac881d1fc72 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="W:\Downloads\Treiber\DTLite4491-0356.exe"
sh=15C1D18080576FF75FB9144B97A1C0EF079EB544 ft=1 fh=d9fe321f16688176 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="W:\Downloads\Treiber\Logitech SetPoint 64 Bit - CHIP-Installer.exe"
         
Security Check:

Code:
ATTFilter
 Results of screen317's Security Check version 1.00  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avira Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 17.0.0.169  
 Adobe Reader XI  
 Google Chrome (41.0.2272.118) 
 Google Chrome (42.0.2311.90) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
         
FRST:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2015 02
Ran by Jürgen (administrator) on JUERGEN on 24-04-2015 11:16:37
Running from C:\Users\Jürgen\Desktop
Loaded Profiles: Jürgen (Available profiles: Jürgen)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.13\AsusFanControlService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
() C:\Program Files (x86)\ASUS\AI Suite III\AsusMiniBar.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7640944 2014-09-29] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-02-26] (Logitech Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2015-03-26]
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-590260112-762417108-2990454751-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-590260112-762417108-2990454751-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\vzpxdbe4.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\vzpxdbe4.default\searchplugins\4c626cda-b015-4ea7-8185-fbdcf38c7362.xml [2014-10-31]
FF Extension: Avira Browser Safety - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\vzpxdbe4.default\Extensions\abs@avira.com [2015-04-05]
FF Extension: Download videos and MP3s from YouTube - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\vzpxdbe4.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-10-25]
FF Extension: Adblock Plus - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\vzpxdbe4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-17]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-03-15]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-10-21]
FF HKU\S-1-5-21-590260112-762417108-2990454751-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-590260112-762417108-2990454751-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-10-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR Profile: C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2015-04-13]
CHR Extension: (Google Slides) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-22]
CHR Extension: (Google Docs) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-22]
CHR Extension: (Google Drive) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-22]
CHR Extension: (YouTube) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-22]
CHR Extension: (Adblock Plus) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-16]
CHR Extension: (Google Search) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-22]
CHR Extension: (Google Sheets) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-22]
CHR Extension: (Avira Browser Safety) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-22]
CHR Extension: (Bookmark Manager) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-22]
CHR Extension: (Amazon) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj [2015-01-26]
CHR Extension: (Gmail) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-22]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Jürgen\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-10-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-01-28] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] ()
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.13\AsusFanControlService.exe [384000 2014-08-04] (ASUSTeK Computer Inc.) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 DAUpdaterSvc; D:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2015-04-21] (BioWare)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-31] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-18] (Disc Soft Ltd)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-08-04] (ASUSTeK Computer Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\JRGEN~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-24 11:16 - 2015-04-24 11:16 - 00022076 _____ () C:\Users\Jürgen\Desktop\FRST.txt
2015-04-24 11:16 - 2015-04-24 11:16 - 00000000 ____D () C:\Users\Jürgen\Desktop\FRST-OlderVersion
2015-04-23 19:39 - 2015-04-23 19:39 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-23 19:38 - 2015-04-23 19:38 - 00852616 _____ () C:\Users\Jürgen\Desktop\SecurityCheck.exe
2015-04-23 19:36 - 2015-04-23 19:37 - 02347384 _____ (ESET) C:\Users\Jürgen\Desktop\esetsmartinstaller_deu.exe
2015-04-23 17:36 - 2015-04-23 17:36 - 00031689 _____ () C:\Users\Jürgen\AppData\Local\recently-used.xbel
2015-04-22 19:47 - 2015-04-22 19:47 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JUERGEN-Windows-7-Professional-(64-bit).dat
2015-04-22 19:47 - 2015-04-22 19:47 - 00000000 ____D () C:\RegBackup
2015-04-22 19:34 - 2015-04-22 19:34 - 02217984 _____ () C:\Users\Jürgen\Desktop\AdwCleaner_4.201.exe
2015-04-22 19:31 - 2015-04-22 19:55 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-22 19:30 - 2015-04-22 19:30 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-22 19:30 - 2015-04-22 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-22 19:30 - 2015-04-22 19:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-22 19:30 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-22 19:30 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-22 19:30 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-22 19:28 - 2015-04-22 19:28 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Jürgen\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-22 13:49 - 2015-04-22 13:49 - 04636584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Jürgen\Downloads\avira_de_av_55378ab3b7d4a__ws.exe
2015-04-22 11:41 - 2014-08-04 11:25 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2015-04-22 11:23 - 2015-04-22 11:23 - 00034242 _____ () C:\ComboFix.txt
2015-04-22 11:18 - 2015-04-22 11:23 - 00000000 ____D () C:\ComboFix
2015-04-22 11:13 - 2015-04-22 11:23 - 00000000 ____D () C:\Windows\erdnt
2015-04-22 11:13 - 2015-04-22 11:23 - 00000000 ____D () C:\Qoobox
2015-04-22 11:13 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-22 11:13 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-22 11:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-22 11:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-22 11:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-22 11:13 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-22 11:13 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-22 11:13 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-22 11:11 - 2015-04-22 11:11 - 05619466 _____ (Swearware) C:\Users\Jürgen\Downloads\ComboFix.exe
2015-04-21 20:46 - 2015-04-21 20:46 - 00000000 ____D () C:\ProgramData\BioWare
2015-04-21 20:40 - 2015-04-21 20:40 - 00007820 _____ () C:\Users\Jürgen\Documents\DAO Ultimate Addins Updater.log
2015-04-21 20:40 - 2015-04-21 20:40 - 00000000 ____D () C:\Users\Jürgen\Documents\BioWare
2015-04-21 11:17 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-04-21 11:17 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-04-20 18:12 - 2015-04-24 11:08 - 00002352 _____ () C:\Windows\setupact.log
2015-04-20 18:12 - 2015-04-20 18:12 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-20 18:02 - 2015-04-20 18:02 - 00380416 _____ () C:\Users\Jürgen\Downloads\Gmer-19357.exe
2015-04-20 18:01 - 2015-04-24 11:16 - 00000000 ____D () C:\FRST
2015-04-20 17:59 - 2015-04-24 11:16 - 02099712 _____ (Farbar) C:\Users\Jürgen\Desktop\FRST64.exe
2015-04-20 17:59 - 2015-04-20 17:59 - 02098176 _____ (Farbar) C:\Users\Jürgen\Downloads\FRST64.exe
2015-04-20 17:58 - 2015-04-20 17:58 - 00000168 _____ () C:\Users\Jürgen\defogger_reenable
2015-04-20 15:58 - 2015-04-20 15:58 - 01203488 _____ () C:\Users\Jürgen\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-04-20 15:33 - 2015-04-20 15:33 - 00001169 _____ () C:\Users\Jürgen\Desktop\Auslogics DiskDefrag.lnk
2015-04-20 15:33 - 2015-04-20 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-04-20 15:33 - 2015-04-20 15:33 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2015-04-20 15:32 - 2015-04-20 15:32 - 07213472 _____ (Auslogics Labs Pty Ltd ) C:\Users\Jürgen\Downloads\disk-defrag-setup.exe
2015-04-20 02:21 - 2015-04-20 02:21 - 00326669 _____ () C:\Users\Jürgen\Downloads\Channel Art Templates.zip
2015-04-19 23:16 - 2015-04-19 23:16 - 64677920 _____ (DVDVideoSoft Ltd. ) C:\Users\Jürgen\Downloads\FreeStudio (1).exe
2015-04-19 23:15 - 2015-04-19 23:16 - 64677920 _____ (DVDVideoSoft Ltd. ) C:\Users\Jürgen\Downloads\FreeStudio.exe
2015-04-16 22:27 - 2015-04-16 22:27 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-04-16 22:27 - 2015-04-16 22:27 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2015-04-15 17:52 - 2015-04-15 17:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 17:52 - 2015-04-15 17:52 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 10:58 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 10:58 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 10:58 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 10:58 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 10:58 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 10:58 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 10:58 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 10:58 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 10:58 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 10:58 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 10:58 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 10:58 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 10:58 - 2015-01-28 01:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-15 10:57 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 10:57 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 10:57 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 10:57 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 10:57 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 10:57 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 10:57 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 10:57 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 10:57 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 10:57 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 10:57 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 10:57 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 10:57 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 10:57 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 10:57 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 10:57 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 10:57 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 10:57 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 10:57 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 10:57 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 10:57 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 10:57 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 10:57 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 10:57 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 10:57 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 10:57 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 10:57 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 10:57 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 10:57 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 10:57 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 10:57 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 10:57 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 10:57 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 10:57 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 10:57 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 10:57 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 10:57 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 10:57 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 10:57 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 10:57 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 10:57 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 10:57 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 10:57 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 10:57 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 10:57 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 10:57 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 10:57 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 10:57 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 10:57 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 10:57 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 10:57 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 10:57 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 10:57 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 10:57 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 10:57 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 10:57 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 10:57 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 10:57 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 10:57 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 10:57 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 10:57 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 10:57 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 10:57 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 10:57 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 10:57 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 10:57 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 10:57 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 10:57 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 10:57 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 10:57 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 10:57 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 10:57 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 10:57 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 10:57 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 10:57 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 10:57 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 10:57 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 10:57 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 10:57 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 10:57 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 10:57 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 10:57 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 10:57 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 10:57 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 10:57 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 10:57 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 10:57 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 10:57 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 10:57 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 10:57 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 10:57 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 10:57 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 10:57 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 10:57 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 10:57 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 10:57 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 10:57 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 10:57 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 10:57 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 10:57 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 10:57 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 10:57 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 10:57 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 10:57 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-10 14:20 - 2015-04-10 14:20 - 00003184 _____ () C:\Windows\System32\Tasks\{8C9030C3-2F75-4CD1-953E-269020D7CAC5}
2015-04-06 16:05 - 2015-04-20 11:59 - 00001456 _____ () C:\Users\Jürgen\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2015-04-05 18:26 - 2015-04-05 18:26 - 00001255 _____ () C:\Users\Jürgen\Desktop\GoPro Importer.lnk
2015-04-05 00:01 - 2015-04-05 00:01 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 00:01 - 2015-04-05 00:01 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-03 13:39 - 2015-04-23 19:38 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\OBS
2015-04-03 13:39 - 2015-04-03 13:39 - 00000935 _____ () C:\Users\Jürgen\Desktop\Open Broadcaster Software.lnk
2015-04-03 13:39 - 2015-04-03 13:39 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-04-03 13:39 - 2015-04-03 13:39 - 00000000 ____D () C:\Program Files\OBS
2015-04-03 13:39 - 2015-04-03 13:39 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-03-31 18:35 - 2015-03-31 19:01 - 00000000 ____D () C:\Users\Jürgen\Documents\Outlook-Dateien
2015-03-28 16:41 - 2015-03-28 16:41 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Milestone
2015-03-26 16:18 - 2015-03-26 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-24 11:16 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-24 11:16 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-24 11:15 - 2009-07-14 07:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-24 11:13 - 2014-10-17 08:19 - 01611536 _____ () C:\Windows\WindowsUpdate.log
2015-04-24 11:09 - 2015-01-22 11:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-24 11:08 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-24 03:18 - 2014-10-17 00:00 - 00000000 ____D () C:\Program Files (x86)\Trillian
2015-04-24 03:03 - 2015-01-22 11:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-24 02:55 - 2014-10-17 08:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-23 19:36 - 2014-10-17 00:16 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\MediaMonkey
2015-04-23 17:36 - 2014-11-13 18:12 - 00000000 ____D () C:\Users\Jürgen\.gimp-2.8
2015-04-23 17:35 - 2014-11-13 18:14 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\gtk-2.0
2015-04-23 17:28 - 2014-10-17 17:32 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\JDownloader v2.0
2015-04-22 19:44 - 2014-10-18 15:04 - 00000000 ____D () C:\AdwCleaner
2015-04-22 19:44 - 2010-11-21 05:47 - 00584382 _____ () C:\Windows\PFRO.log
2015-04-22 11:23 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-22 11:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-22 00:41 - 2014-10-17 00:15 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\vlc
2015-04-21 22:31 - 2011-04-12 10:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-04-21 20:40 - 2014-10-18 14:59 - 00325279 _____ () C:\Windows\DirectX.log
2015-04-21 16:51 - 2014-11-27 18:56 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Dropbox
2015-04-21 12:20 - 2014-10-16 23:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-21 12:18 - 2014-10-16 23:41 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-21 12:13 - 2015-02-03 11:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-04-21 12:12 - 2015-02-03 13:19 - 00000000 ____D () C:\Program Files\Adobe
2015-04-21 11:24 - 2014-10-20 21:34 - 05132048 _____ () C:\Windows\PE_Rom.dll
2015-04-21 11:13 - 2014-10-17 08:30 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Adobe
2015-04-21 00:28 - 2015-03-09 03:27 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-04-20 22:57 - 2015-01-26 18:14 - 00009216 _____ () C:\My3DGraph.grf
2015-04-20 22:57 - 2015-01-26 18:14 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-20 17:58 - 2014-10-17 08:19 - 00000000 ____D () C:\Users\Jürgen
2015-04-19 23:15 - 1601-01-01 02:00 - 34439568 _____ (DVDVideoSoft Ltd. ) C:\Users\Jürgen\Downloads\FreeYouTubeDownload.exe
2015-04-19 22:33 - 2014-10-17 18:22 - 00000869 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2015-04-18 02:34 - 2014-10-18 15:34 - 00000000 ____D () C:\Users\Jürgen\Documents\My Games
2015-04-16 22:26 - 2014-10-24 23:44 - 00321452 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2015-04-16 22:26 - 2014-10-22 21:11 - 00323832 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2015-04-16 14:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 14:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 15:55 - 2014-10-17 08:30 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 15:55 - 2014-10-17 08:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 15:55 - 2014-10-17 08:30 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 11:30 - 2014-10-17 18:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 11:30 - 2014-10-17 08:34 - 00778744 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 11:29 - 2014-10-17 17:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 11:26 - 2014-10-17 17:15 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 11:26 - 2009-07-14 04:34 - 00000513 _____ () C:\Windows\win.ini
2015-04-13 10:12 - 2015-02-10 17:26 - 00071168 ___SH () C:\Users\Public\Thumbs.db
2015-04-13 08:44 - 2014-11-27 18:58 - 00001019 _____ () C:\Users\Jürgen\Desktop\Dropbox.lnk
2015-04-13 08:44 - 2014-11-27 18:56 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-13 06:48 - 2009-07-14 06:45 - 05008576 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-12 23:28 - 2014-10-16 23:43 - 00086136 _____ () C:\Users\Jürgen\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-12 23:24 - 2014-10-17 08:30 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Adobe
2015-04-10 14:20 - 2014-12-08 11:41 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-04-09 12:38 - 2014-12-19 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-09 12:38 - 2014-12-19 19:47 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-09 12:38 - 2014-10-16 23:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-08 04:25 - 2015-02-03 14:20 - 00000000 ____D () C:\Users\Jürgen\Documents\Adobe
2015-04-03 19:53 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-01 23:59 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-26 16:18 - 2015-01-20 15:44 - 00001108 _____ () C:\Users\Jürgen\Desktop\GoPro Studio.lnk
2015-03-26 16:18 - 2015-01-20 15:44 - 00000000 ____D () C:\Program Files (x86)\GoPro
2015-03-26 16:18 - 2014-11-08 01:01 - 00026056 _____ () C:\Windows\DPINST.LOG
2015-03-25 19:03 - 2014-10-17 00:06 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-03-25 19:03 - 2014-10-17 00:06 - 00003127 _____ () C:\Windows\LkmdfCoInst.log

==================== Files in the root of some directories =======

2014-10-18 15:05 - 2014-10-18 15:05 - 0000287 _____ () C:\Users\Jürgen\AppData\Roaming\removeAllComponents.bat
2014-10-18 15:04 - 2014-10-18 15:04 - 0000135 _____ () C:\Users\Jürgen\AppData\Roaming\tmp_unregister.bat
2015-04-06 16:05 - 2015-04-20 11:59 - 0001456 _____ () C:\Users\Jürgen\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-10-18 17:27 - 2014-10-30 01:30 - 1065984 _____ () C:\Users\Jürgen\AppData\Local\file__0.localstorage
2015-04-23 17:36 - 2015-04-23 17:36 - 0031689 _____ () C:\Users\Jürgen\AppData\Local\recently-used.xbel
2014-10-16 23:48 - 2014-10-16 23:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-21 21:20 - 2014-10-21 21:26 - 0001300 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Jürgen\AppData\Local\Temp\avgnt.exe
C:\Users\Jürgen\AppData\Local\Temp\proxy_vole6140825046175449585.dll
C:\Users\Jürgen\AppData\Local\Temp\Quarantine.exe
C:\Users\Jürgen\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 13:25

==================== End Of Log ============================
         
--- --- ---


Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-04-2015 02
Ran by Jürgen at 2015-04-24 11:16:59
Running from C:\Users\Jürgen\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-590260112-762417108-2990454751-500 - Administrator - Disabled)
Guest (S-1-5-21-590260112-762417108-2990454751-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-590260112-762417108-2990454751-1006 - Limited - Enabled)
Jürgen (S-1-5-21-590260112-762417108-2990454751-1000 - Administrator - Enabled) => C:\Users\Jürgen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 1.00.92 - ASUSTeK Computer Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.4.0.0 - Auslogics Labs Pty Ltd)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
B110 (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Dropbox (HKU\S-1-5-21-590260112-762417108-2990454751-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.0.0.7072 - Thomson Reuters)
Eraser 6.2.0.2962 (HKLM\...\{C6E287F1-2E47-45F0-BB51-94F815CFFB48}) (Version: 6.2.2962 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free Studio version 6.5.0.301 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.0.301 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoPro Studio 2.5.4 (HKLM-x32\...\GoPro Studio) (Version: 2.5.4 - GoPro, Inc.)
GoProCineFormDecoders 1.2.0 (HKLM-x32\...\GoProCineFormDecoders) (Version: 1.2.0 - CineForm, Inc & GoPro, Inc.)
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{014E482A-0C27-47E3-BA82-307E9DCA2F47}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HWiNFO64 Version 4.50 (HKLM\...\HWiNFO64_is1) (Version: 4.50 - Martin Malík - REALiX)
Intel(R) Chipset Device Software (x32 Version: 10.0.17 - Intel(R) Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech)
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.177 - Logitech Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MPC-HC 1.7.8 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.8 - MPC-HC Team)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin90 (HKLM-x32\...\{685A89CB-DF27-42D6-A623-34F40DBBFFB2}) (Version: 9.00.00 - OriginLab Corporation)
PS_AIO_07_B110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.87.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7354 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Samsung SSD 840 EVO Performance Restoration (HKLM-x32\...\{B4B18E77-4C37-46F2-BC38-9451E65C9AEC}_is1) (Version: 1.0 - Samsung Electronics)
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SKTimeStamp (HKLM\...\{AAD52EF2-3EEB-489C-9F93-B0C1EC1D21A8}) (Version: 1.3.3 - Stefans Tools)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.1 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590260112-762417108-2990454751-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

20-04-2015 22:10:11 Windows Update
21-04-2015 11:24:54 Windows Update
21-04-2015 12:18:26 Removed Adobe Photoshop Lightroom 5.7.1 64-bit.
21-04-2015 20:39:57 Installed DirectX
21-04-2015 20:40:12 Installed Microsoft Visual C++ 2005 Redistributable
22-04-2015 00:26:25 Removed Rosetta Stone TOTALe
22-04-2015 00:26:35 Removed Rosetta Stone Ltd Services

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-22 11:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16E9EBE1-E70D-4172-BBE0-4177F82F21BC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1C567221-1164-409F-90C3-7BAF0A4974FA} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {21EBC57C-CA88-4370-8077-3E7128259A5F} - System32\Tasks\ASUS\i-Setup213143 => C:\Windows\Intel_Chipset_Win7-8-8-1_V10016\AsusSetup.exe [2013-09-09] (ASUSTeK Computer Inc.)
Task: {2256BD5F-7B6B-4222-82BA-EA55507D5BD6} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {2B3C6B06-3F74-4E11-A9EC-1E39921472A9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {398B55C8-04CC-4E3B-B223-B630FDA16D67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-22] (Google Inc.)
Task: {47008A7D-CFBD-401D-83CF-0B652C4509FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-22] (Google Inc.)
Task: {65CF56DF-E590-4A12-ABBB-6D49EE960B7E} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2014-03-27] ()
Task: {73AFB716-D891-4133-8A45-A0FA71293DC7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {74DB6AB8-0F05-4DA9-A14D-4605C7715737} - System32\Tasks\ASUS\i-Setup221351 => C:\Windows\hotfix\AsusSetup.exe [2013-09-09] (ASUSTeK Computer Inc.)
Task: {74F94B87-D88C-4A8D-85B2-055741781E12} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {7A9A998E-F7A8-41A1-9EB9-1A569E464A04} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {969B1E89-A2F0-4E36-93B5-A8D5A0DBF560} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2014-08-04] ()
Task: {9E173C3B-4FAC-4F91-9A27-E5C9D07EA700} - System32\Tasks\{8C9030C3-2F75-4CD1-953E-269020D7CAC5} => pcalua.exe -a "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\Uninstall.exe" -c -remove
Task: {9FA61605-04F4-4E25-BE2D-0FEB4C182358} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2014-09-11] (ASUSTeK Computer Inc.)
Task: {B70804D3-67F3-4717-9950-772B1392AA0D} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [2014-08-04] (TODO: <Company name>)
Task: {BA2F8CA6-B21B-4EA1-AA48-C50CBF3BE92E} - System32\Tasks\ASUS\i-Setup221148 => C:\Windows\Intel_Chipset_Win7-8-8-1_V10016\AsusSetup.exe [2013-09-09] (ASUSTeK Computer Inc.)
Task: {BA43CE06-489D-4C28-AE68-6C435B7F119D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {E970647F-791C-4FD6-96E8-44F3F1F95D71} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {FA89AB2E-85D5-4C4B-B384-464185B9EE5C} - System32\Tasks\ASUS\Push Notice Server Execute => C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe [2014-01-10] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-10-18 12:57 - 2014-03-27 19:33 - 01430328 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2014-10-18 12:58 - 2014-08-04 20:21 - 01271096 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2014-01-28 05:16 - 2014-01-28 05:16 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2014-09-18 09:23 - 2014-09-18 09:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-02-26 20:39 - 2015-02-26 20:39 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-02-26 20:39 - 2015-02-26 20:39 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-10-20 22:16 - 2014-04-24 08:29 - 01360016 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2014-10-18 12:58 - 2014-04-11 09:53 - 01045304 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
2014-10-18 12:58 - 2014-04-11 10:53 - 00037176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
2014-10-18 12:57 - 2014-09-09 11:14 - 00947512 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ASUSMiniBar.exe
2014-10-18 12:57 - 2014-09-09 11:14 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Log4cxxWrapper.dll
2014-10-18 12:57 - 2014-09-09 11:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2014-10-18 12:58 - 2014-08-04 18:31 - 04239360 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2014-10-18 12:58 - 2014-08-04 18:25 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\Log4cxxWrapper.dll
2014-10-18 12:57 - 2014-02-25 16:53 - 01138176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2014-10-18 12:57 - 2014-09-09 11:14 - 00827392 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Version\Version.dll
2015-03-15 22:30 - 2014-08-04 11:25 - 00053248 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.20\Exeio.dll
2015-03-15 22:30 - 2014-08-04 11:25 - 00278528 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.20\Vender.dll
2014-10-18 12:57 - 2014-01-28 05:16 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2014-10-18 12:57 - 2014-03-27 19:32 - 05778096 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2014-10-18 12:57 - 2014-02-24 17:49 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2014-10-18 12:58 - 2014-08-04 18:25 - 00711680 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2014-10-18 12:58 - 2014-08-04 18:25 - 00856576 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2014-10-18 12:58 - 2014-08-04 18:25 - 00803840 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2014-10-18 12:58 - 2014-08-04 18:25 - 00807936 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2014-10-18 12:58 - 2014-08-04 18:25 - 00010240 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\IccHelper.dll
2014-10-18 12:57 - 2015-04-24 11:08 - 00034960 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2014-10-18 12:57 - 2014-01-28 05:16 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2014-10-18 12:58 - 2013-11-20 10:10 - 00662016 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\aaHMLib.dll
2014-10-18 12:58 - 2013-07-02 10:40 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\pngio.dll
2014-10-16 23:43 - 2014-09-28 18:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2014-10-18 12:58 - 2014-08-04 18:25 - 00743424 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\EPU.dll
2014-10-18 12:58 - 2014-08-04 18:25 - 00908288 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\FAN.dll
2014-10-18 12:58 - 2014-04-10 15:23 - 00643584 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMiniMsg.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:054203E4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-590260112-762417108-2990454751-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineForm Status.lnk => C:\Windows\pss\CineForm Status.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GoPro Importer.lnk => C:\Windows\pss\GoPro Importer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Eraser => "C:\Program Files\Eraser\Eraser.exe" /atRestart
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

==================== Faulty Device Manager Devices =============

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2015 11:10:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/24/2015 11:08:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2015 00:52:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4339527

Error: (04/24/2015 00:52:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4339527

Error: (04/24/2015 00:52:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/23/2015 08:29:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/23/2015 07:40:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/23/2015 07:40:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/23/2015 07:39:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/23/2015 07:39:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (04/24/2015 11:09:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/23/2015 00:23:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/23/2015 10:04:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/22/2015 07:49:16 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Software Protection service, but this action failed with the following error: 
%%1056

Error: (04/22/2015 07:47:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/22/2015 07:47:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/22/2015 07:47:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Integrated Clock Controller Service - Intel(R) ICCS service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/22/2015 07:47:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/22/2015 07:47:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/22/2015 07:47:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (04/24/2015 11:10:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (04/24/2015 11:08:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2015 00:52:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4339527

Error: (04/24/2015 00:52:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4339527

Error: (04/24/2015 00:52:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/23/2015 08:29:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (04/23/2015 07:40:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jürgen\Desktop\esetsmartinstaller_deu.exe

Error: (04/23/2015 07:40:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jürgen\Desktop\esetsmartinstaller_deu.exe

Error: (04/23/2015 07:39:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jürgen\Desktop\esetsmartinstaller_deu.exe

Error: (04/23/2015 07:39:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jürgen\Desktop\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2015-04-22 11:21:39.573
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-22 11:21:39.557
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 23%
Total physical RAM: 8134.07 MB
Available physical RAM: 6192.67 MB
Total Pagefile: 16266.33 MB
Available Pagefile: 13941.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.88 GB) (Free:52.41 GB) NTFS
Drive d: (Spiele) (Fixed) (Total:113.78 GB) (Free:62.96 GB) NTFS
Drive s: (Seagate) (Fixed) (Total:232.88 GB) (Free:146.88 GB) NTFS
Drive w: (Western) (Fixed) (Total:931.51 GB) (Free:146.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BF1AB914)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2D4EF20A)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Also ich hab keine Probleme, wie vorher. Eset hat wohl "Anti Malware Malware Scanner - CHIP-Installer.exe", "DTLite4491-0356.exe" und "Logitech SetPoint 64 Bit - CHIP-Installer.exe" als unerwünschte Software erkannt weil dort während der Installation Werbung kommt. Mal sehn ob AntiVir noch Funde meldet bei einem Scan. (= ursprüngliches Problem)

By the Way die Funde liegen noch in der Quarantäne. Was soll ich damit machen?


Alt 24.04.2015, 16:44   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei - Standard

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei



Kannste dort lassen oder löschen

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\Jürgen\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe

W:\Downloads\Treiber\DTLite4491-0356.exe

W:\Downloads\Treiber\Logitech SetPoint 64 Bit - CHIP-Installer.exe
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Und hör auf bei Chip zu laden:
CHIP-Installer - was ist das? - Anleitungen



Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.


Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.04.2015, 18:47   #13
w1zz4rd
 
Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei - Standard

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei



Hab ausversehn Delfix schon ausgeführt. daher hat er die
Fixlog.txt gelöscht. DIe Genannten 3 Programme wurden aber entfernt, habe reingeschaut..

AntiVir hat auch nichts mehr gefunden. Vielen Dank für die sehr kompetente Hilfe!
Ich werde die Tipps berücksichtigen

Delfix.txt

Code:
ATTFilter
# DelFix v10.9 - Logfile created 24/04/2015 at 18:39:59
# Updated 27/02/2015 by Xplode
# Username : Jürgen - JUERGEN
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\Users\Jürgen\Desktop\AdwCleaner_4.201.exe
Deleted : C:\Users\Jürgen\Desktop\esetsmartinstaller_deu.exe
Deleted : C:\Users\Jürgen\Desktop\Fixlog.txt
Deleted : C:\Users\Jürgen\Desktop\FRST64.exe
Deleted : C:\Users\Jürgen\Desktop\SecurityCheck.exe
Deleted : C:\Users\Jürgen\Downloads\ComboFix.exe
Deleted : C:\Users\Jürgen\Downloads\FRST64.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #158 [Removed Adobe Photoshop Lightroom 5.7.1 64-bit. | 04/21/2015 10:18:26]
Deleted : RP #159 [Installed DirectX | 04/21/2015 18:39:57]
Deleted : RP #160 [Installed Microsoft Visual C++ 2005 Redistributable | 04/21/2015 18:40:12]
Deleted : RP #161 [Removed Rosetta Stone TOTALe | 04/21/2015 22:26:25]
Deleted : RP #162 [Removed Rosetta Stone Ltd Services | 04/21/2015 22:26:35]
Deleted : RP #163 [Windows Update | 04/24/2015 12:48:36]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
         

Alt 25.04.2015, 15:51   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei - Standard

Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei
adware, antivir, avira, bonjour, browser, desktop, dllhost.exe, dnsapi.dll, error, flash player, google, homepage, installcore.gen7, internet, launch, mozilla, programm, prozesse, pua/installcore.gen, realtek, registry, rundll, security, services.exe, software, svchost.exe, system, warnung, windows, wuauclt.exe



Ähnliche Themen: Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei


  1. installcore.gen7
    Plagegeister aller Art und deren Bekämpfung - 19.03.2015 (15)
  2. Fund ADWARE/InstallCore.Gen7
    Log-Analyse und Auswertung - 02.02.2015 (9)
  3. Windows 7: ADWARE/InstallCore.Gen7 mit Avira gefunden
    Log-Analyse und Auswertung - 02.02.2015 (9)
  4. ADWARE/InstallCore.Gen7 nach Avira-Scan gefunden
    Plagegeister aller Art und deren Bekämpfung - 13.12.2014 (10)
  5. ADWARE/InstallCore.Gen7 gefunden Win 8
    Plagegeister aller Art und deren Bekämpfung - 27.11.2014 (11)
  6. Avira Fund - ADWARE/InstallCore.Gen7
    Plagegeister aller Art und deren Bekämpfung - 16.11.2014 (5)
  7. ADWARE/InstallCore.Gen7 --> fund nach systemscan mit avira antivir!
    Log-Analyse und Auswertung - 24.10.2014 (9)
  8. APPL/Somoto.hzis mit Antivir gefunden
    Plagegeister aller Art und deren Bekämpfung - 16.10.2014 (9)
  9. Windows 7: Malware ADWARE/InstallCore.Gen7 mit Avira gefunden
    Log-Analyse und Auswertung - 27.05.2014 (13)
  10. 3 Funde von Avira (TR/Waledac.2544821, TR/Crypt.XPAC.gen7, TR/Ransom.5990154)
    Plagegeister aller Art und deren Bekämpfung - 02.03.2014 (9)
  11. ADWARE/InstallCore.Gen7 Malware
    Plagegeister aller Art und deren Bekämpfung - 08.02.2014 (15)
  12. Avira-Maleware-Fund "Adware/InstallCore.Gen7" habe mit FRST_32 logfile erstellt
    Log-Analyse und Auswertung - 01.10.2013 (16)
  13. Win 7 - avira - zipopenersetup.exe - ADWARE/InstallCore.Gen7
    Log-Analyse und Auswertung - 27.09.2013 (1)
  14. Avira-Maleware-Fund "Adware/InstallCore.Gen7" - wie System verlässlich säubern?
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (13)
  15. Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (29)
  16. Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen
    Log-Analyse und Auswertung - 15.10.2012 (31)
  17. Avira Antivirus Premium 2012: Funde von TR/ATRAPS.GEN TR/ATRAPS.GEN2 TR/Sirefef.P.666 BDS/ZAccess.T
    Log-Analyse und Auswertung - 25.07.2012 (3)

Zum Thema Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei - Hi, mein Avira AntiVir hat heute Funde gemeldet daraufhin habe ich einen Systemscan mit AntiVir und Malwarebytes durchgeführt. Es wurden 9 Funde bei AntiVir gemeldet, wovon zurzeit 6 in der - Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei...
Archiv
Du betrachtest: Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.