Win7: Uninstalling Snapdo
Hello & Merry Christmas!
My dad has picked up Snapdo, and I am asking for help with uninstalling it. Unfortunately I don't know exactly how long it has been there; I suspect about 5 months.
Here are the log files:
FRST_24-12-2013_21-20-21.txt Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2013 01
Ran by Wolfgang (administrator) on WJW7HPNB01 on 24-12-2013 21:11:58
Running from C:\Users\Wolfgang\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MSIService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Windows\SysWOW64\PSIService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
() C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe
(Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Corel, Inc.) C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe
(AceBIT GmbH) C:\Program Files (x86)\AceBIT\WISE-FTP 6\wf_tp.exe
(Smartbar) C:\Users\Wolfgang\AppData\Local\Smartbar\Application\SnapDo.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_FATIBEE.EXE
() C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\SoftwareUpdater\AppsUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\usrreq.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [fspuip] - C:\Program Files\FSP\FspUip.exe [3768832 2010-02-09] (Sentelic Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [Corel Photo Downloader] - C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe [483144 2007-08-17] (Corel, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [MGSysCtrl] - C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe [2396160 2010-01-08] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [Corel Photo Downloader] - "C:\Program Files (x86)\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1573584 2012-10-29] (Ask)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [WISE-FTP Task Planner] - C:\Program Files (x86)\AceBIT\WISE-FTP 6\wf_tp.exe [1786624 2011-01-14] (AceBIT GmbH)
HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\Wolfgang\AppData\Local\Smartbar\Application\SnapDo.exe [21536 2013-08-19] (Smartbar)
HKCU\...\Run: [EPSON Stylus DX4000 Series] - C:\Windows\Temp\E_S7465.tmp [132 2013-11-14] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=e67da77d-e09c-4daf-8b70-902df6579629&searchtype=ds&q={searchTerms}&installDate=29/06/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.yhs.delta-search.com/?affID=119394&tt=210213_yh&babsrc=HP_ss&mntrId=eae8d3c80000000000004061861f7169
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=e67da77d-e09c-4daf-8b70-902df6579629&searchtype=ds&q={searchTerms}&installDate=29/06/2013
URLSearchHook: HKLM-x32 - (No Name) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=e67da77d-e09c-4daf-8b70-902df6579629&searchtype=ds&q={searchTerms}&installDate=29/06/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=e67da77d-e09c-4daf-8b70-902df6579629&searchtype=ds&q={searchTerms}&installDate=29/06/2013
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=e67da77d-e09c-4daf-8b70-902df6579629&searchtype=ds&q={searchTerms}&installDate=29/06/2013
SearchScopes: HKCU - bProtectorDefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=e67da77d-e09c-4daf-8b70-902df6579629&searchtype=ds&q={searchTerms}&installDate=29/06/2013
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.yhs.delta-search.com/?q={searchTerms}&affID=119394&tt=210213_yh&babsrc=SP_ss&mntrId=eae8d3c80000000000004061861f7169
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {78e516ef-11de-47a1-8364-a99b917ec5ee} - No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files (x86)\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
BHO-x32: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No File
Toolbar: HKCU - No Name - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - No File
DPF: HKLM-x32 {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Chrome:
=======
CHR HomePage: hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=e67da77d-e09c-4daf-8b70-902df6579629&searchtype=hp&installDate=29/06/2013
CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=e67da77d-e09c-4daf-8b70-902df6579629&searchtype=hp&installDate=29/06/2013"
CHR DefaultSearchKeyword: radolfzeller-handwerker.de
CHR DefaultSearchProvider: Handwerker in Radolfzell - Handwerk aus Fachbetrieben
CHR DefaultSearchURL: hxxp://www.radolfzeller-handwerker.de/index.php?option=com_search&searchword={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Avira Toolbar) - C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.11.0_1
CHR Extension: (LyricsContainer) - C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh\1.122_1
CHR Extension: (Delta Toolbar) - C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnnabbonolmdccgncgckdfikehphiknc\1.0_1
CHR Extension: (Wajam) - C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_1
CHR Extension: (Skype Click to Call) - C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Auto Lyrics) - C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf\1.111_1
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Wolfgang\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.11.0.crx
CHR HKLM-x32\...\Chrome\Extension: [abfmigjiaapipflmopkaaooigcjjdojh] - C:\Program Files (x86)\LyricsContainer\122.crx
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx
CHR HKLM-x32\...\Chrome\Extension: [gnnabbonolmdccgncgckdfikehphiknc] - C:\Users\Wolfgang\AppData\Roaming\CRDeltaTB\DeltaYHS.crx
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Wolfgang\AppData\Local\Wajam\Chrome\wajam.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [pkcdkfohdadbjmlfejhncigcbfkiaamf] - C:\Program Files (x86)\AutoLyrics\Chrome.crx
==================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1012280 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [896056 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
R2 ProtexisLicensing; C:\windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 SrvUpdater; C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe [31744 2013-02-18] ()
S2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-10] ()
R2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-05-02] (Wajam)
S2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
S2 Windows Internet Name Service; C:\windows\system32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe [x]
==================== Drivers (Whitelisted) ====================
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-02-06] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-02-06] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 RSUSBSTOR; C:\Windows\SysWow64\Drivers\RtsUStor.sys [225280 2009-09-02] (Realtek Semiconductor Corp.)
S3 smserial; C:\Windows\System32\DRIVERS\SmSerl64.sys [1227776 2009-06-10] (Motorola Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-24 21:11 - 2013-12-24 21:12 - 00022620 _____ C:\Users\Wolfgang\Downloads\FRST.txt
2013-12-24 21:11 - 2013-12-24 21:11 - 00000000 ____D C:\FRST
2013-12-24 21:04 - 2013-12-24 21:04 - 01928636 _____ (Farbar) C:\Users\Wolfgang\Downloads\FRST64.exe
2013-12-24 21:03 - 2013-12-24 21:03 - 00000478 _____ C:\Users\Wolfgang\Downloads\defogger_disable.log
2013-12-24 21:03 - 2013-12-24 21:03 - 00000000 _____ C:\Users\Wolfgang\defogger_reenable
2013-12-24 21:02 - 2013-12-24 21:02 - 00050477 _____ C:\Users\Wolfgang\Downloads\Defogger.exe
2013-12-24 16:46 - 2013-12-24 16:46 - 00000288 ____H C:\windows\Tasks\User_Feed_Synchronization-{31E681F0-2B1D-442F-BEAA-8FE07DA6E180}.job
2013-12-24 16:37 - 2013-12-24 16:37 - 00000000 ____D C:\Users\Wolfgang\Desktop\snapdo
2013-12-19 09:50 - 2013-12-19 09:50 - 00000434 _____ C:\Users\Wolfgang\Desktop\Buchung - Cheaptickets.de.url
2013-12-18 16:14 - 2013-12-18 16:14 - 00012800 ___SH C:\Users\Wolfgang\Documents\Thumbs.db
2013-12-11 20:15 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-11 20:15 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-11 20:15 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-11 20:15 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-11 17:32 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-11 17:32 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-11 17:32 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-11 17:32 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-11 17:32 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-11 17:32 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-11 17:32 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-11 17:32 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-11 17:32 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-11 17:32 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-11 17:32 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-11 17:32 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-11 17:32 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-11 17:32 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-11 17:32 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-11 17:32 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-11 17:32 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-11 17:32 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-11 17:32 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-11 17:32 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-11 17:32 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-11 17:32 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-11 17:32 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-11 17:32 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-11 17:32 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-11 17:32 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-11 17:32 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-11 17:32 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-11 17:32 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-11 17:32 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-11 17:32 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-11 17:31 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-11 17:31 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-11 17:31 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-11 17:31 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-11 17:31 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-11 17:31 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-11 17:30 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-11 17:30 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-11 17:30 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-11 17:30 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-11 17:30 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-11 17:30 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-11 17:30 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-11 17:30 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-11 17:30 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-11 17:30 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-11 17:30 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-11 17:30 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-11 17:30 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-09 07:53 - 2013-12-09 07:53 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1cef4ab5737af2e.job
2013-11-25 17:55 - 2013-11-25 17:55 - 00000042 _____ C:\Users\Wolfgang\Desktop\WEB.DE - E-Mail-Adresse kostenlos, FreeMail, De-Mail & Nachrichten.url
2013-11-25 17:15 - 2013-11-25 17:15 - 00000145 _____ C:\Users\Wolfgang\Desktop\Interaktive Online-Übungen.url
==================== One Month Modified Files and Folders =======
2013-12-24 21:12 - 2013-12-24 21:11 - 00022620 _____ C:\Users\Wolfgang\Downloads\FRST.txt
2013-12-24 21:11 - 2013-12-24 21:11 - 00000000 ____D C:\FRST
2013-12-24 21:09 - 2009-07-14 05:45 - 00017600 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-24 21:09 - 2009-07-14 05:45 - 00017600 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-24 21:04 - 2013-12-24 21:04 - 01928636 _____ (Farbar) C:\Users\Wolfgang\Downloads\FRST64.exe
2013-12-24 21:03 - 2013-12-24 21:03 - 00000478 _____ C:\Users\Wolfgang\Downloads\defogger_disable.log
2013-12-24 21:03 - 2013-12-24 21:03 - 00000000 _____ C:\Users\Wolfgang\defogger_reenable
2013-12-24 21:03 - 2010-07-02 15:36 - 00000000 ____D C:\Users\Wolfgang
2013-12-24 21:02 - 2013-12-24 21:02 - 00050477 _____ C:\Users\Wolfgang\Downloads\Defogger.exe
2013-12-24 21:02 - 2010-12-17 17:19 - 00000000 ____D C:\Users\Wolfgang\AppData\Roaming\Skype
2013-12-24 19:40 - 2010-07-02 15:38 - 01467801 _____ C:\windows\WindowsUpdate.log
2013-12-24 16:49 - 2009-07-14 05:51 - 00119183 _____ C:\windows\setupact.log
2013-12-24 16:46 - 2013-12-24 16:46 - 00000288 ____H C:\windows\Tasks\User_Feed_Synchronization-{31E681F0-2B1D-442F-BEAA-8FE07DA6E180}.job
2013-12-24 16:37 - 2013-12-24 16:37 - 00000000 ____D C:\Users\Wolfgang\Desktop\snapdo
2013-12-20 18:15 - 2010-08-22 13:49 - 00000000 ____D C:\Users\Wolfgang\Documents\excel
2013-12-20 14:57 - 2010-08-19 19:15 - 00000000 ____D C:\Users\Wolfgang\AppData\Local\FreePDF_XP
2013-12-20 14:56 - 2010-08-19 19:15 - 00003000 _____ C:\fpRedmon.log
2013-12-20 14:44 - 2010-08-22 13:47 - 00000000 ____D C:\Users\Wolfgang\Documents\pdf
2013-12-19 09:50 - 2013-12-19 09:50 - 00000434 _____ C:\Users\Wolfgang\Desktop\Buchung - Cheaptickets.de.url
2013-12-18 18:18 - 2010-03-16 22:36 - 00654400 _____ C:\windows\system32\perfh007.dat
2013-12-18 18:18 - 2010-03-16 22:36 - 00130240 _____ C:\windows\system32\perfc007.dat
2013-12-18 18:18 - 2009-07-14 06:13 - 01498742 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-18 16:14 - 2013-12-18 16:14 - 00012800 ___SH C:\Users\Wolfgang\Documents\Thumbs.db
2013-12-17 12:19 - 2013-05-07 13:18 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-12-17 12:19 - 2013-03-29 09:36 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-12-17 12:19 - 2013-03-29 09:36 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-12-15 20:47 - 2013-08-13 18:44 - 00000000 ____D C:\windows\system32\MRT
2013-12-15 11:12 - 2010-07-06 18:01 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-12 09:43 - 2009-07-14 05:45 - 00495888 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-11 17:33 - 2010-03-17 00:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-09 07:53 - 2013-12-09 07:53 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1cef4ab5737af2e.job
2013-12-06 12:45 - 2010-12-12 15:04 - 00000000 ____D C:\ProgramData\Skype
2013-12-06 12:44 - 2010-12-17 17:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-05 14:38 - 2011-07-19 12:55 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-26 12:54 - 2013-12-11 17:32 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-26 11:19 - 2013-12-11 17:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-26 11:18 - 2013-12-11 17:32 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-26 11:11 - 2013-12-11 17:32 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-26 10:48 - 2013-12-11 17:32 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-26 10:46 - 2013-12-11 17:32 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-26 10:41 - 2013-12-11 17:32 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-26 10:29 - 2013-12-11 17:32 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-26 10:27 - 2013-12-11 17:32 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-26 10:23 - 2013-12-11 17:32 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-26 10:21 - 2013-12-11 17:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-26 10:18 - 2013-12-11 17:32 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-26 10:18 - 2013-12-11 17:32 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-12-11 17:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-26 09:57 - 2013-12-11 17:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-26 09:38 - 2013-12-11 17:32 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-26 09:38 - 2013-12-11 17:32 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-26 09:35 - 2013-12-11 17:32 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-26 09:32 - 2013-12-11 17:32 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-26 09:28 - 2013-12-11 17:32 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-11-26 09:16 - 2013-12-11 17:32 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-26 09:02 - 2013-12-11 17:32 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-26 08:48 - 2013-12-11 17:32 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-26 08:32 - 2013-12-11 17:32 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-11-26 08:26 - 2013-12-11 17:32 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-26 08:07 - 2013-12-11 17:32 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-26 07:40 - 2013-12-11 17:32 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-26 07:34 - 2013-12-11 17:32 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-26 07:34 - 2013-12-11 17:32 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-11-26 07:33 - 2013-12-11 17:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-26 07:27 - 2013-12-11 17:32 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-25 17:55 - 2013-11-25 17:55 - 00000042 _____ C:\Users\Wolfgang\Desktop\WEB.DE - E-Mail-Adresse kostenlos, FreeMail, De-Mail & Nachrichten.url
2013-11-25 17:15 - 2013-11-25 17:15 - 00000145 _____ C:\Users\Wolfgang\Desktop\Interaktive Online-Übungen.url
Some content of TEMP:
====================
C:\Users\Wolfgang\AppData\Local\Temp\26384-671274-skype.exe
C:\Users\Wolfgang\AppData\Local\Temp\54425-667390-photoscape.exe
C:\Users\Wolfgang\AppData\Local\Temp\AcDeltree.exe
C:\Users\Wolfgang\AppData\Local\Temp\AMPing.exe
C:\Users\Wolfgang\AppData\Local\Temp\AskSLib.dll
C:\Users\Wolfgang\AppData\Local\Temp\avgnt.exe
C:\Users\Wolfgang\AppData\Local\Temp\avguidx.dll
C:\Users\Wolfgang\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Wolfgang\AppData\Local\Temp\contentDATs.exe
C:\Users\Wolfgang\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\Wolfgang\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\Wolfgang\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Wolfgang\AppData\Local\Temp\InstallManager_BAB_BAB.exe
C:\Users\Wolfgang\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chra_aih[1].exe
C:\Users\Wolfgang\AppData\Local\Temp\instloffer.exe
C:\Users\Wolfgang\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Wolfgang\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Wolfgang\AppData\Local\Temp\LyricsContainertmp.exe
C:\Users\Wolfgang\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Wolfgang\AppData\Local\Temp\MSN4F88.exe
C:\Users\Wolfgang\AppData\Local\Temp\ose00000.exe
C:\Users\Wolfgang\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Wolfgang\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Wolfgang\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Wolfgang\AppData\Local\Temp\tbNCH_.dll
C:\Users\Wolfgang\AppData\Local\Temp\TB_3EA7.exe
C:\Users\Wolfgang\AppData\Local\Temp\ToolbarInstaller.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-22 10:17
==================== End Of Log ============================

Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2013 01
Ran by Wolfgang at 2013-12-24 21:14:21
Running from C:\Users\Wolfgang\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall (Enabled) {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
==================== Installed Programs ======================
ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1568.4089)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8)
Advertising Center (x32 Version: 0.0.0.1)
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.10.94)
ArcSoft Print Creations - Album Page (x32)
ArcSoft Print Creations - Brochures & Flyers (x32)
ArcSoft Print Creations - Funhouse (x32)
ArcSoft Print Creations - Funhouse II (x32)
ArcSoft Print Creations - Greeting Card (x32)
ArcSoft Print Creations - Photo Book (x32)
ArcSoft Print Creations - Photo Calendar (x32)
ArcSoft Print Creations - Photo Prints (x32)
ArcSoft Print Creations - Poster Creator (x32)
ArcSoft Print Creations - Scrapbook (x32)
ArcSoft Print Creations - Slimline Card (x32)
ArcSoft Print Creations (x32 Version: 3.0.255.407)
ArcSoft WebCam Companion 3 (x32 Version: 3.0.32.221)
Ask Toolbar (x32 Version: 1.15.11.0) <==== ATTENTION
Ask Toolbar (x32) <==== ATTENTION
ATI Catalyst Install Manager (Version: 3.0.754.0)
Auto Lyrics (x32) <==== ATTENTION
Autodesk Design Review 2011 (x32 Version: 11.0.0.86)
Autodesk Material Library 2011 (x32 Version: 2.0.0.100)
Autodesk Material Library 2011 Base Image library (x32 Version: 2.0.0.49)
AVG Security Toolbar (x32 Version: 14.2.0.1)
Avira Internet Security (x32 Version: 14.0.2.286)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.2.3.30498)
BurnRecovery (x32 Version: 3.0.1003.801)
CAD+T OEM Deutsch 2011 (Version: 18.1.116.0)
CAD+T OEM Deutsch 2011 Version 2.1 (Version: 1)
CameraHelperMsi (x32 Version: 13.31.1038.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.1217.1632.29627)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.1217.1632.29627)
Catalyst Control Center Graphics Full New (x32 Version: 2009.1217.1632.29627)
Catalyst Control Center Graphics Light (x32 Version: 2009.1217.1632.29627)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.1217.1632.29627)
Catalyst Control Center InstallProxy (x32 Version: 2009.1217.1632.29627)
Catalyst Control Center Localization All (x32 Version: 2009.1217.1632.29627)
CCC Help Chinese Standard (x32 Version: 2009.1217.1631.29627)
CCC Help Chinese Traditional (x32 Version: 2009.1217.1631.29627)
CCC Help Czech (x32 Version: 2009.1217.1631.29627)
CCC Help Danish (x32 Version: 2009.1217.1631.29627)
CCC Help Dutch (x32 Version: 2009.1217.1631.29627)
CCC Help English (x32 Version: 2009.1217.1631.29627)
CCC Help Finnish (x32 Version: 2009.1217.1631.29627)
CCC Help French (x32 Version: 2009.1217.1631.29627)
CCC Help German (x32 Version: 2009.1217.1631.29627)
CCC Help Greek (x32 Version: 2009.1217.1631.29627)
CCC Help Hungarian (x32 Version: 2009.1217.1631.29627)
CCC Help Italian (x32 Version: 2009.1217.1631.29627)
CCC Help Japanese (x32 Version: 2009.1217.1631.29627)
CCC Help Korean (x32 Version: 2009.1217.1631.29627)
CCC Help Norwegian (x32 Version: 2009.1217.1631.29627)
CCC Help Polish (x32 Version: 2009.1217.1631.29627)
CCC Help Portuguese (x32 Version: 2009.1217.1631.29627)
CCC Help Russian (x32 Version: 2009.1217.1631.29627)
CCC Help Spanish (x32 Version: 2009.1217.1631.29627)
CCC Help Swedish (x32 Version: 2009.1217.1631.29627)
CCC Help Thai (x32 Version: 2009.1217.1631.29627)
CCC Help Turkish (x32 Version: 2009.1217.1631.29627)
ccc-core-static (x32 Version: 2009.1217.1632.29627)
ccc-utility64 (Version: 2009.1217.1632.29627)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
Corel MediaOne (x32 Version: 2.00.0000)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (Version: 10.5.0.0)
D3DX10 (x32 Version: 15.4.2368.0902)
DealPly (HKCU) <==== ATTENTION
DealPly (remove only) (x32 Version: 4.8.6.4) <==== ATTENTION
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Delta (x32 Version: 1.0.0.0)
Delta toolbar (x32 Version: 1.8.10.0) <==== ATTENTION
Driver Whiz (x32 Version: 8.0.1)
ENE CIR Receiver Driver (Version: 2.7.3.519)
English Network 2 Aussprache-CD-ROM (x32 Version: 1.0.0000)
EPSON Scan (x32)
EPSON-Drucker-Software
erLT (x32 Version: 1.20.138.34)
FARO LS 1.1.406.58 (x32 Version: 4.6.58.2)
FileConverter 1.3 Toolbar (x32 Version: 6.10.3.8)
Finger Sensing Pad Driver (Version: 8.5.6.4)
FreePDF (Remove only) (x32)
GIMP 2.8.4 (Version: 2.8.4)
Google Chrome (x32 Version: 31.0.1650.63)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320)
Google Update Helper (x32 Version: 1.3.22.3)
GPL Ghostscript 8.71 (x32)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.01.01.1007)
Intel(R) Turbo Boost Technology Monitor (Version: 1.0.115.11)
Intel® Matrix Storage Manager
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Logitech Webcam Software (x32 Version: 2.0)
LSI HDA Modem (Version: 2.1.95)
LWS Facebook (x32 Version: 13.31.1038.0)
LWS Gallery (x32 Version: 13.31.1038.0)
LWS Help_main (x32 Version: 13.31.1044.0)
LWS Launcher (x32 Version: 13.31.1038.0)
LWS Motion Detection (x32 Version: 13.30.1395.0)
LWS Pictures And Video (x32 Version: 13.31.1038.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Video Mask Maker (x32 Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (x32 Version: 13.31.1038.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.31.1038.0)
LyricsContainer (x32) <==== ATTENTION
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Microtek FineReader OCR Engine (x32)
Motorola Bluetooth (Version: 3.0.0.217)
msi Software Install (x32 Version: 3.0.911.2701)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero 9 Essentials (x32)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero Installer (x32 Version: 4.4.9.0)
Nero Online Upgrade (x32 Version: 1.3.0.0)
Nero StartSmart (x32 Version: 9.4.12.100)
Nero StartSmart OEM (x32 Version: 9.4.10.100)
neroxml (x32 Version: 1.0.0)
PricePeep (x32 Version: 2.1.0.22) <==== ATTENTION
PX Profile Update (x32 Version: 1.00.1.)
Realtek Ethernet Controller Driver (x32 Version: 1.00.0008)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.5992)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6043)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30104)
RedMon - Redirection Port Monitor
ScanWizard 5 (x32)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Skype Click to Call (x32 Version: 5.9.9216)
Skype™ 6.11 (x32 Version: 6.11.102)
Snap.Do (x32 Version: 1.71.1.11943)
SoftwareUpdater (x32)
SRS Premium Sound Control Panel (Version: 1.8.3400)
System Control Manager (x32 Version: 2.210.0108.006.04)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32)
Wajam (x32 Version: 1.80) <==== ATTENTION
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR archiver (x32)
WISE-FTP 6 (x32 Version: 6.1.5)
WoodWOP (x32)
==================== Restore Points =========================
21-10-2013 17:20:55 Installed Java 7 Update 45
05-11-2013 08:58:42 Windows Update
14-11-2013 20:09:45 Windows Update
20-11-2013 20:07:29 Windows Update
11-12-2013 16:29:42 Windows Update
11-12-2013 19:13:16 Windows Update
15-12-2013 10:12:08 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {035E3558-E37F-4AB2-9628-4B38043BBD28} - System32\Tasks\NCH Software\FlingReminder => C:\Program Files (x86)\NCH Software\Fling\Fling.exe
Task: {052A4A6C-40BD-4904-BEAA-2DE0E23B2A07} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {0978FAAC-4FD4-42BB-B4AE-C83524C9F9D8} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION
Task: {230F025F-ECD0-4664-9FB7-96AD16F55D29} - System32\Tasks\{5AEA4162-68F9-4B58-A055-050C1B4ECB2D} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.0.0.152.211&LastError=12002
Task: {246C59AE-6F94-4A99-8E0A-7A78BE1CDEE2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01] (Google Inc.)
Task: {261BDD69-8C2C-4ED5-944E-C763D401803C} - System32\Tasks\{3F131422-28D2-4C3E-8E8C-22B50F89D79A} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.1.0.112.211/de/eula
Task: {3926858C-2E80-4194-9F0D-9AB366C5537B} - System32\Tasks\AdobeFlashPlayerUpdate => C:\windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {3FA1D99F-8419-4B42-AD2C-48BD5BD1C96F} - System32\Tasks\{6556D5C2-471D-46E2-8F2F-ABCE90541EE5} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.0.0.156.211&LastError=12002
Task: {4FEAE710-34C1-4BF1-9435-B10DEB9325D5} - System32\Tasks\{4EFF6C15-4FB1-44EF-AAE4-BC175A0CB24C} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.0.0.152.211&LastError=12002
Task: {54A6ABB4-F973-45AB-B446-BB2CEEAB223A} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {8168711E-D665-46B0-9E38-C7F6DDBF9779} - System32\Tasks\{8CC1CA2D-97E3-46E8-9B06-C351CE7A00BE} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {9AADAFB1-7DD5-41A1-B4E9-E3092902986C} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{FF6173BE-C7DC-44AA-86DD-A9578C53AE7E}.exe
Task: {A621FD53-5064-4BFB-95DA-8B83BF327154} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {A75CFCDB-550F-45F1-BF7C-431A8A4EE63E} - System32\Tasks\NCH Software\FlingDowngrade => C:\Program Files (x86)\NCH Software\Fling\fling.exe
Task: {AA575E16-4F04-45F2-A2E8-CB0778B841EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01] (Google Inc.)
Task: {D112D442-B6C9-4312-9CE1-9E158C91178F} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-10-29] ()
Task: {E2972E38-BC77-48CA-98F1-45B7806F5F0A} - System32\Tasks\LyricsContainer Update => C:\Program Files (x86)\LyricsContainer\LrcsCtrUpdr.exe [2013-07-15] () <==== ATTENTION
Task: {E8E8FE9C-D89B-4A23-B433-031E22995567} - System32\Tasks\DealPly => C:\Users\Wolfgang\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe [2013-04-23] () <==== ATTENTION
Task: {F245AB03-A5CF-4E30-B42E-79CE45071956} - System32\Tasks\{7ED7745F-929A-45F4-AADC-FF44D82DF9EE} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.0.0.156.211&LastError=12002
Task: {F545BD55-2A72-43B1-8739-BCCCD9615F4B} - System32\Tasks\DealPlyUpdate => C:\Program
Task: {FD6A98B3-5526-489D-8E7E-D81EE846CC6D} - System32\Tasks\{7331A976-97BE-413B-B128-3ED37BBE63D2} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.0.0.152.211&LastError=12002
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{FF6173BE-C7DC-44AA-86DD-A9578C53AE7E}.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1cef4ab5737af2e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\LyricsContainer Update.job => C:\Program Files (x86)\LyricsContainer\LrcsCtrUpdr.exe <==== ATTENTION
Task: C:\windows\Tasks\User_Feed_Synchronization-{31E681F0-2B1D-442F-BEAA-8FE07DA6E180}.job => C:\windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2010-03-16 23:02 - 2010-02-09 02:32 - 00049152 _____ () C:\Program Files\FSP\KbdHook.dll
2010-03-16 23:02 - 2010-02-09 02:32 - 00080896 _____ () C:\Program Files\FSP\FspLib.dll
2009-08-31 21:56 - 2009-08-31 21:56 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-03-16 23:42 - 2010-03-16 23:42 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-11-27 16:35 - 2012-11-27 16:29 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-08-19 15:55 - 2013-08-19 15:55 - 00033824 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2013-08-19 15:55 - 2013-08-19 15:55 - 00056864 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
2013-08-19 15:55 - 2013-08-19 15:55 - 00150560 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2013-08-19 15:55 - 2013-08-19 15:55 - 00112672 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2013-08-19 15:55 - 2013-08-19 15:55 - 01767968 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2013-08-19 15:55 - 2013-08-19 15:55 - 00078880 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
2013-08-19 15:55 - 2013-08-19 15:55 - 00013344 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
2013-08-19 15:55 - 2013-08-19 15:55 - 00726048 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2013-08-19 15:55 - 2013-08-19 15:55 - 00082464 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2013-08-19 15:55 - 2013-08-19 15:55 - 00014368 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2013-08-19 15:55 - 2013-08-19 15:55 - 00016928 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2013-08-19 15:56 - 2013-08-19 15:56 - 00020512 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
2013-08-19 15:56 - 2013-08-19 15:56 - 00026656 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
2013-08-19 15:55 - 2013-08-19 15:55 - 00057888 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2013-08-19 15:55 - 2013-08-19 15:55 - 00014880 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
2013-08-19 15:55 - 2013-08-19 15:55 - 00052768 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2013-08-19 15:55 - 2013-08-19 15:55 - 00014880 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
2013-08-19 15:55 - 2013-08-19 15:55 - 00048160 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2013-08-19 15:55 - 2013-08-19 15:55 - 00026144 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2013-08-19 15:56 - 2013-08-19 15:56 - 00026144 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2013-08-19 15:54 - 2013-08-19 15:54 - 00194080 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.dll
2013-08-19 15:53 - 2013-08-19 15:53 - 00068640 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
2013-08-19 15:55 - 2013-08-19 15:55 - 00246304 _____ () C:\Users\Wolfgang\AppData\Local\Smartbar\Application\Smartbar.Resources.NetSeer.dll
2011-11-19 16:22 - 2009-07-22 17:22 - 00249856 _____ () C:\Program Files (x86)\ScanWizard 5\SFRes.dll
2011-08-12 11:18 - 2011-08-12 11:18 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-08-12 11:18 - 2011-08-12 11:18 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-08-12 11:18 - 2011-08-12 11:18 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-08-12 11:18 - 2011-08-12 11:18 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-08-12 11:18 - 2011-08-12 11:18 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2011-11-11 14:09 - 2011-11-11 14:09 - 00336408 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-12-05 14:37 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 14:37 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 14:37 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 14:37 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 14:37 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-05 14:38 - 2013-12-04 03:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
2012-11-27 16:35 - 2012-03-26 19:13 - 00447848 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\libxml2.dll
2012-11-27 16:35 - 2012-03-26 19:13 - 00060264 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\cares.dll
2012-12-17 11:04 - 2013-09-23 10:43 - 00093184 _____ () C:\Program Files (x86)\SoftwareUpdater\KeyGen.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/24/2013 04:50:26 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: tor.exe, Version: 0.0.0.0, Zeitstempel: 0x512e1a4a
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x820
Startzeit der fehlerhaften Anwendung: 0xtor.exe0
Pfad der fehlerhaften Anwendung: tor.exe1
Pfad des fehlerhaften Moduls: tor.exe2
Berichtskennung: tor.exe3
Error: (12/24/2013 04:29:02 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: tor.exe, Version: 0.0.0.0, Zeitstempel: 0x512e1a4a
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x840
Startzeit der fehlerhaften Anwendung: 0xtor.exe0
Pfad der fehlerhaften Anwendung: tor.exe1
Pfad des fehlerhaften Moduls: tor.exe2
Berichtskennung: tor.exe3
System errors:
=============
Error: (12/24/2013 04:53:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "FLEXnet Licensing Service 64" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/24/2013 04:53:46 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst FLEXnet Licensing Service 64 erreicht.
Error: (12/24/2013 04:50:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Tor Win32 Service" wurde mit folgendem Fehler beendet:
%%1064
Error: (12/24/2013 04:50:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Internet Name Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/24/2013 04:50:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "vToolbarUpdater14.2.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/24/2013 04:28:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Tor Win32 Service" wurde mit folgendem Fehler beendet:
%%1064
Error: (12/24/2013 04:28:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Internet Name Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/24/2013 04:28:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "vToolbarUpdater14.2.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/24/2013 11:52:53 AM) (Source: DCOM) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (12/23/2013 05:43:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Tor Win32 Service" wurde mit folgendem Fehler beendet:
%%1064
Microsoft Office Sessions:
=========================
Error: (12/24/2013 04:50:26 PM) (Source: Application Error)(User: )
Description: tor.exe0.0.0.0512e1a4aunknown0.0.0.000000000c00000050000000082001cf00bfcfe46ac0C:\Program Files (x86)\Tor\tor.exeunknown1a97ed21-6cb3-11e3-a45a-4061861f7169
Error: (12/24/2013 04:29:02 PM) (Source: Application Error)(User: )
Description: tor.exe0.0.0.0512e1a4aunknown0.0.0.000000000c00000050000000084001cf00bcd62d45a4C:\Program Files (x86)\Tor\tor.exeunknown1d321778-6cb0-11e3-b4d0-4061861f7169
gmer.txt Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-24 21:45:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Wolfgang\AppData\Local\Temp\kglirpog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035b0000 52 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 582 fffff800035b0036 27 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1516] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000769d1465 2 bytes [9D, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1516] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769d14bb 2 bytes [9D, 76]
.text ... * 2
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1592] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000769d1465 2 bytes [9D, 76]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1592] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769d14bb 2 bytes [9D, 76]
.text ... * 2
.text C:\Users\Wolfgang\AppData\Local\Smartbar\Application\SnapDo.exe[2828] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000769d1465 2 bytes [9D, 76]
.text C:\Users\Wolfgang\AppData\Local\Smartbar\Application\SnapDo.exe[2828] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000769d14bb 2 bytes [9D, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2868] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000769d1465 2 bytes [9D, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2868] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769d14bb 2 bytes [9D, 76]
.text ... * 2
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[2936] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000769d1465 2 bytes [9D, 76]
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[2936] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769d14bb 2 bytes [9D, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2864] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000769d1465 2 bytes [9D, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2864] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769d14bb 2 bytes [9D, 76]
.text ... * 2
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3100] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000769d1465 2 bytes [9D, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3100] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769d14bb 2 bytes [9D, 76]
.text ... * 2
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3244] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000769d1465 2 bytes [9D, 76]
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3244] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769d14bb 2 bytes [9D, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[3324] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000769d1465 2 bytes [9D, 76]
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[3324] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769d14bb 2 bytes [9D, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5844] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000769d1465 2 bytes [9D, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5844] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769d14bb 2 bytes [9D, 76]
.text ... * 2
.text C:\Program Files (x86)\SoftwareUpdater\AppsUpdater.exe[2492] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000769d1465 2 bytes [9D, 76]
.text C:\Program Files (x86)\SoftwareUpdater\AppsUpdater.exe[2492] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769d14bb 2 bytes [9D, 76]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002421d239cf
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002421d239cf (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Wolfgang\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe 1
---- EOF - GMER 2.1 ----