Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Firefox ploppt soviel Werbung auf, dass ich es nicht mehr benutzen kann. Antivir hat Adware installcore.gen gefunden (https://www.trojaner-board.de/164765-firefox-ploppt-soviel-werbung-mehr-benutzen-antivir-hat-adware-installcore-gen-gefunden.html)

Schnagi 06.03.2015 12:35
Firefox ploppt soviel Werbung auf, dass ich es nicht mehr benutzen kann. Antivir hat Adware installcore.gen gefunden
 
Liste der Anhänge anzeigen (Anzahl: 2)
Hallo liebes Trojaner-Board Team,
ich habe seit einiger Zeit das Problem, dass beim Surfen mit Firefox soviel Werbebanner aufploppen, dass ich z.B. bei GMX meine Accountdaten zum Einloggen nicht mehr eingeben kann. Ich habe einen Adware Blocker (Adblock plus) installiert und Antivir auf Pro ubgedatet. Ich habe aber leider keinen Erfolg gehabt. Auch das De- und Neuinstallieren von Firefox brachte nichts.
Ich hoffe, dass ich das mit den Logfiles richtig gemacht habe - ich bin leider etwas unterbelichtet, was PC`s angeht :crazy:
Ich benutze den Laptop größtenteils privat aber auch einen kleinen Teil für unser Nebengewerbe.

Wenn wir das gemeinsam wieder hinbekommen bin ich glücklich!

Liebe Grüße Schnagi

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-06 12:01:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0003SDM1 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\SCHNAG~1\AppData\Local\Temp\kgtcypob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17            0000000076d21401 2 bytes JMP 76f9b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17              0000000076d21419 2 bytes JMP 76f9b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17            0000000076d21431 2 bytes JMP 77018ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42            0000000076d2144a 2 bytes CALL 76f748ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                              * 9
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17              0000000076d214dd 2 bytes JMP 770187a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17        0000000076d214f5 2 bytes JMP 77018978 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17              0000000076d2150d 2 bytes JMP 77018698 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17        0000000076d21525 2 bytes JMP 77018a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17              0000000076d2153d 2 bytes JMP 76f8fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                  0000000076d21555 2 bytes JMP 76f968ef C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17            0000000076d2156d 2 bytes JMP 77018f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17              0000000076d21585 2 bytes JMP 77018ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                0000000076d2159d 2 bytes JMP 7701865c C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17              0000000076d215b5 2 bytes JMP 76f8fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17            0000000076d215cd 2 bytes JMP 76f9b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20        0000000076d216b2 2 bytes JMP 77018e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31        0000000076d216bd 2 bytes JMP 770185f1 C:\Windows\syswow64\kernel32.dll
?      C:\Windows\system32\mssprxy.dll [2496] entry point in ".rdata" section                          00000000750671e6

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060a774bf                     
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060a774bf (not active ControlSet) 

---- EOF - GMER 2.1 ----
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-06 12:01:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0003SDM1 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\SCHNAG~1\AppData\Local\Temp\kgtcypob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17            0000000076d21401 2 bytes JMP 76f9b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17              0000000076d21419 2 bytes JMP 76f9b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17            0000000076d21431 2 bytes JMP 77018ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42            0000000076d2144a 2 bytes CALL 76f748ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                              * 9
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17              0000000076d214dd 2 bytes JMP 770187a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17        0000000076d214f5 2 bytes JMP 77018978 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17              0000000076d2150d 2 bytes JMP 77018698 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17        0000000076d21525 2 bytes JMP 77018a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17              0000000076d2153d 2 bytes JMP 76f8fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                  0000000076d21555 2 bytes JMP 76f968ef C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17            0000000076d2156d 2 bytes JMP 77018f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17              0000000076d21585 2 bytes JMP 77018ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                0000000076d2159d 2 bytes JMP 7701865c C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17              0000000076d215b5 2 bytes JMP 76f8fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17            0000000076d215cd 2 bytes JMP 76f9b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20        0000000076d216b2 2 bytes JMP 77018e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\AsScrPro.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31        0000000076d216bd 2 bytes JMP 770185f1 C:\Windows\syswow64\kernel32.dll
?      C:\Windows\system32\mssprxy.dll [2496] entry point in ".rdata" section                          00000000750671e6

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060a774bf                     
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060a774bf (not active ControlSet) 

---- EOF - GMER 2.1 ----

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by Schnagendorff (administrator) on SCHNAGENDORFF01 on 06-03-2015 11:40:46
Running from C:\Users\Schnagendorff\Desktop
Loaded Profiles: Schnagendorff (Available profiles: Schnagendorff)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Sonix Technology Co., Ltd.) C:\Windows\vsnp2uvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-08-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-27] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111928 2013-05-03] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704248 2015-03-05] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-774983500-107182102-3582295664-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-774983500-107182102-3582295664-1000\...\MountPoints2: {0c8b3889-5cc2-11e3-9559-20cf302ffb6d} - F:\AutoRun.exe
HKU\S-1-5-21-774983500-107182102-3582295664-1000\...\MountPoints2: {0c8b389d-5cc2-11e3-9559-20cf302ffb6d} - F:\AutoRun.exe
HKU\S-1-5-21-774983500-107182102-3582295664-1000\...\MountPoints2: {0c8b38b2-5cc2-11e3-9559-20cf302ffb6d} - F:\AutoRun.exe
HKU\S-1-5-21-774983500-107182102-3582295664-1000\...\MountPoints2: {0c8b38bf-5cc2-11e3-9559-20cf302ffb6d} - F:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [Del1054220420] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del14217494] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del196020638] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del11550189] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del100880838] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del286916508] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del357147612] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del467723976] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-774983500-107182102-3582295664-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D022115-A6B219395BABB4E59ADF&form=CONMHP&conlogo=CT3332005
HKU\S-1-5-21-774983500-107182102-3582295664-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-774983500-107182102-3582295664-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-774983500-107182102-3582295664-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-774983500-107182102-3582295664-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D022115-A6B219395BABB4E59ADF&form=CONMHP&conlogo=CT3332005
FF DefaultSearchUrl: hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=FF6138F0ADD1C3D1144DD7513B90F08B
FF SelectedSearchEngine: Bing
FF Homepage: https://www.google.de/
FF Keyword.URL:
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-774983500-107182102-3582295664-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Schnagendorff\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-774983500-107182102-3582295664-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Schnagendorff\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-01-17]
FF Extension: Avira Browser Safety - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\abs@avira.com [2015-02-25]
FF Extension: Lavasoft Search Plugin - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-03-09]
FF Extension: GMX MailCheck - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\toolbar@gmx.net [2015-02-27]
FF Extension: Zoom It - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{79e5e2aa-ce59-fdac-82a6-7bac7f83c4af} [2015-03-04]
FF Extension: DownloadHelper - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: OLB - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{C752FF21-A8EF-468E-B507-5BBAFB84359D} [2014-08-26]
FF Extension: entrusted  - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd} [2013-09-10]
FF Extension: Adblock Plus - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-25]
FF Extension: {e794c1e8-6f9e-4ddd-9918-bc7a784b7812} - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{e794c1e8-6f9e-4ddd-9918-bc7a784b7812}.xpi [2015-02-21]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-11-10]

Chrome:
=======
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-09]
CHR Extension: (Avira Browser Safety) - C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-02]
CHR Extension: (Google Wallet) - C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806192 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992048 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 lxci_device; C:\Windows\system32\lxcicoms.exe [452608 2006-05-15] ( )
S3 lxci_device; C:\Windows\SysWOW64\lxcicoms.exe [537520 2007-02-01] ( )
S4 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe [243712 2009-11-27] (IDT, Inc.)
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-08-25] (Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [105472 2006-12-08] (AVM GmbH) [File not signed]
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [706560 2006-12-08] (AVM Berlin) [File not signed]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-09] (GFI Software)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-08-25] (Synaptics Incorporated)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 11:40 - 2015-03-06 11:41 - 00021568 _____ () C:\Users\Schnagendorff\Desktop\FRST.txt
2015-03-06 11:40 - 2015-03-06 11:40 - 00000000 ____D () C:\FRST
2015-03-06 11:39 - 2015-03-06 11:39 - 02092544 _____ (Farbar) C:\Users\Schnagendorff\Desktop\FRST64.exe
2015-03-06 11:37 - 2015-03-06 11:38 - 00000488 _____ () C:\Users\Schnagendorff\Desktop\defogger_disable.log
2015-03-06 11:37 - 2015-03-06 11:37 - 00000000 _____ () C:\Users\Schnagendorff\defogger_reenable
2015-03-06 11:36 - 2015-03-06 11:36 - 00050477 _____ () C:\Users\Schnagendorff\Downloads\Defogger (1).exe
2015-03-06 11:34 - 2015-03-06 11:34 - 00050477 _____ () C:\Users\Schnagendorff\Desktop\Defogger.exe
2015-03-06 10:06 - 2015-03-06 10:13 - 00000000 ____D () C:\Users\Schnagendorff\Desktop\Global Well
2015-03-04 15:16 - 2015-03-06 08:32 - 00000112 _____ () C:\Windows\setupact.log
2015-03-04 15:16 - 2015-03-04 15:16 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-04 09:07 - 2015-03-04 09:08 - 00652800 _____ () C:\Users\Schnagendorff\Downloads\MicrosoftFixit50362.msi
2015-03-04 09:06 - 2015-03-04 09:06 - 00000420 _____ () C:\DelFix.txt
2015-03-04 08:32 - 2015-03-04 08:32 - 00000000 ____D () C:\Windows\Sun
2015-03-04 08:30 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-04 08:30 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-04 08:30 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-04 08:30 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-04 08:25 - 2015-03-04 08:25 - 00561576 _____ (Oracle Corporation) C:\Users\Schnagendorff\Downloads\chromeinstall-8u40.exe
2015-03-03 08:30 - 2015-03-03 08:30 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-03 08:29 - 2015-03-03 08:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-03 08:29 - 2015-03-03 08:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-02 23:45 - 2015-03-02 23:45 - 00243576 _____ () C:\Users\Schnagendorff\Downloads\Firefox Setup Stub 36.0.exe
2015-03-02 23:08 - 2015-03-04 08:57 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Local\AviraSpeedup
2015-03-02 23:08 - 2015-03-02 23:08 - 00001283 _____ () C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-03-02 23:08 - 2015-03-02 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-03-02 23:06 - 2015-03-02 23:06 - 04568832 _____ (2000 - 2015 Avira Operations GmbH & Co. KG ) C:\Users\Schnagendorff\Downloads\avira_speedup_ultimateprotectionsuite.exe
2015-03-02 23:06 - 2015-03-02 23:06 - 00003368 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2015-03-02 23:05 - 2015-03-02 23:05 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Avira
2015-03-02 23:04 - 2015-03-05 12:17 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-02 23:04 - 2015-03-05 12:17 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-02 23:04 - 2015-03-05 12:17 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-02 23:04 - 2015-03-02 23:04 - 00002028 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-03-02 23:04 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-02 23:00 - 2015-03-02 23:01 - 175605432 _____ () C:\Users\Schnagendorff\Downloads\avira_antivirus_pro_de.exe
2015-03-02 22:04 - 2015-03-02 22:04 - 04582672 _____ (Avira Operations & Co. KG) C:\Users\Schnagendorff\Downloads\avira_de_av_5881315009__ws.exe
2015-03-02 21:41 - 2015-03-02 21:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-03-02 21:39 - 2015-03-02 21:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-03-02 21:39 - 2015-03-02 21:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-03-02 21:39 - 2015-03-02 21:39 - 00000000 ____D () C:\Program Files\Synaptics
2015-03-02 21:38 - 2014-08-25 17:22 - 00750320 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2015-03-02 21:38 - 2014-08-25 17:22 - 00546032 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2015-03-02 21:38 - 2014-08-25 17:22 - 00407280 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2015-03-02 21:38 - 2014-08-25 17:22 - 00255216 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2015-03-02 21:38 - 2014-08-25 17:22 - 00208624 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo20.dll
2015-03-02 21:38 - 2014-08-25 17:22 - 00031472 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2015-03-02 21:38 - 2013-04-16 18:33 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2015-03-02 21:33 - 2015-03-02 21:50 - 00000000 ____D () C:\drivertemp
2015-03-02 21:15 - 2015-03-02 21:15 - 05777320 _____ (SuperEasy Software GmbH & Co. KG ) C:\Users\Schnagendorff\Downloads\supereasy_driver_updater_1.1.1_7870.exe
2015-03-02 21:15 - 2015-03-02 21:15 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Nitro PDF
2015-03-02 20:54 - 2015-03-02 20:54 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Chip Digital GmbH
2015-03-02 09:42 - 2015-03-02 09:42 - 00001169 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-03-02 09:41 - 2015-03-02 09:41 - 04582672 _____ (Avira Operations & Co. KG) C:\Users\Schnagendorff\Downloads\avira_de_uppro_21353280_w9qz89wi8m2jo9ezvl6r_wd.exe
2015-03-02 09:41 - 2015-03-02 09:41 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-27 14:29 - 2015-02-27 14:29 - 00000000 _____ () C:\Users\Schnagendorff\Desktop\Neue Bitmap (2).bmp
2015-02-25 14:30 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 14:30 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 09:28 - 2015-02-25 09:28 - 01494894 _____ () C:\Users\Schnagendorff\Desktop\Präsentation Yo-You-Effekt 2.pptx
2015-02-21 11:17 - 2015-02-21 11:17 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\dlg
2015-02-21 11:15 - 2015-02-21 11:15 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Nitro
2015-02-21 11:15 - 2015-02-21 11:15 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\FileOpen
2015-02-21 11:15 - 2015-02-21 11:15 - 00000000 ____D () C:\ProgramData\FileOpen
2015-02-21 11:14 - 2015-02-21 11:14 - 00002499 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk
2015-02-21 11:14 - 2015-02-21 11:14 - 00002005 _____ () C:\Users\Public\Desktop\Nitro Reader.lnk
2015-02-21 11:14 - 2015-02-21 11:14 - 00000000 ____D () C:\ProgramData\Nitro
2015-02-21 11:14 - 2015-02-21 11:14 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2015-02-21 11:14 - 2015-02-21 11:14 - 00000000 ____D () C:\Program Files (x86)\Nitro
2015-02-21 11:14 - 2013-07-26 06:57 - 00029712 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon2.dll
2015-02-21 11:14 - 2013-07-26 06:57 - 00017936 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui2.dll
2015-02-21 11:09 - 2015-02-21 11:13 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Downloaded Installations
2015-02-21 11:08 - 2015-02-25 12:49 - 00002960 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-02-21 11:08 - 2015-02-25 12:49 - 00002960 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-02-21 11:08 - 2015-02-18 11:55 - 00372264 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-02-21 11:08 - 2015-02-18 11:55 - 00326240 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-02-13 10:49 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 10:49 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 10:49 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 10:49 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 08:53 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 08:53 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 08:53 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 08:53 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 08:53 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 08:53 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 08:53 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 08:53 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 08:53 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 08:53 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 08:53 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 08:53 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 08:53 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 08:53 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 08:53 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 08:53 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 08:53 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 08:53 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 08:53 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 08:53 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 08:53 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 08:53 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 08:53 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 08:53 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 08:53 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 08:53 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 08:53 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 08:53 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 08:53 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 08:53 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 08:53 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 08:53 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 08:53 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 08:53 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 08:53 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 08:53 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 08:53 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 08:53 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 08:53 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 08:53 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 08:53 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 08:53 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 08:53 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 08:53 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 08:53 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 08:53 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 08:53 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 08:53 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 08:53 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 08:53 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 08:53 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 08:53 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 08:53 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 08:53 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 08:52 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 08:52 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 08:52 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 08:52 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 08:52 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 08:52 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 08:52 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 08:52 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 08:52 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 08:52 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 08:52 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 08:52 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 08:52 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 08:52 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 08:52 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 08:52 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 08:52 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 08:52 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 08:52 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 08:52 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 08:52 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 08:52 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 08:52 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 08:52 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 08:52 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 08:52 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 08:52 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 08:52 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 08:52 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 08:52 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 08:52 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 08:52 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 08:51 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 08:51 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 08:51 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 08:51 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 08:51 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 11:37 - 2010-10-11 21:00 - 00000000 ____D () C:\Users\Schnagendorff
2015-03-06 11:34 - 2012-07-11 12:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-06 11:03 - 2010-08-06 20:09 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-06 11:03 - 2010-08-06 19:49 - 01066798 _____ () C:\Windows\WindowsUpdate.log
2015-03-06 09:49 - 2011-10-09 19:57 - 00001170 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000UA.job
2015-03-06 08:50 - 2009-07-14 05:45 - 00018832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-06 08:50 - 2009-07-14 05:45 - 00018832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-06 08:33 - 2013-06-08 12:53 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2015-03-06 08:33 - 2013-06-03 11:44 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-03-06 08:33 - 2010-11-18 10:10 - 00000348 _____ () C:\Windows\Tasks\WinMaximizer-Schnagendorff-Startup.job
2015-03-06 08:33 - 2010-08-06 20:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-06 08:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-05 21:40 - 2011-10-09 19:57 - 00001148 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000Core.job
2015-03-04 15:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-04 08:28 - 2014-01-15 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-04 08:27 - 2014-01-15 13:36 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-04 08:27 - 2014-01-15 13:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-04 08:27 - 2014-01-15 13:35 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-02 23:40 - 2010-10-12 08:32 - 00000000 ____D () C:\Users\Schnagendorff\Desktop\Anwendungen
2015-03-02 23:37 - 2010-08-06 20:31 - 00001608 _____ () C:\Windows\system32\ServiceFilter.ini
2015-03-02 23:36 - 2009-07-14 05:45 - 00409144 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-02 23:11 - 2011-02-10 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-03-02 23:08 - 2010-10-11 21:00 - 00109696 _____ () C:\Users\Schnagendorff\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-02 23:06 - 2013-03-10 11:23 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-02 23:04 - 2013-03-10 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-02 23:04 - 2011-10-21 07:53 - 00000000 ____D () C:\ProgramData\Avira
2015-03-02 21:56 - 2010-08-06 20:31 - 00002254 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-03-02 21:45 - 2009-08-04 10:51 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2015-03-02 21:45 - 2009-08-04 10:51 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2015-03-02 21:45 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-02 21:41 - 2010-08-06 20:18 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-03-02 09:50 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-25 13:10 - 2014-07-01 13:35 - 00000000 ____D () C:\ProgramData\eBay
2015-02-25 13:08 - 2015-01-21 19:06 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Local\Citrix
2015-02-25 12:49 - 2013-03-09 20:46 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-24 22:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-20 13:27 - 2011-04-10 12:24 - 00000000 ____D () C:\Users\Schnagendorff\Documents\Axel Praxis
2015-02-13 11:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-11 20:12 - 2014-12-15 12:41 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 20:12 - 2014-05-06 12:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 18:27 - 2011-04-11 09:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 18:27 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 18:23 - 2013-07-27 12:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 18:15 - 2010-10-12 08:19 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-04 20:34 - 2012-07-11 12:58 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 20:34 - 2012-04-15 15:01 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 20:34 - 2011-05-24 08:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 19:47 - 2010-08-06 20:09 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 19:47 - 2010-08-06 20:09 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2011-12-01 12:33 - 2011-12-01 12:33 - 0000000 _____ () C:\Users\Schnagendorff\AppData\Local\{7D926FC1-751A-4CAB-9431-B0CE41AE8D81}
2012-11-10 16:23 - 2012-11-10 16:23 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-08-06 20:09 - 2009-12-24 13:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-08-06 20:04 - 2010-08-06 20:05 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-08-06 20:04 - 2010-08-06 20:04 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\Schnagendorff\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-24 22:09

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by Schnagendorff at 2015-03-06 11:41:43
Running from C:\Users\Schnagendorff\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.644 - Avira)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.27 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.202 - Sonix)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATI Catalyst Install Manager (HKLM\...\{80AB4395-42E3-D0B3-A310-6F0A6BD9709B}) (Version: 3.0.750.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS)
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira System Speedup 1.6 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6 - 2000 - 2015 Avira Operations GmbH & Co. KG)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
ccc-core-static (x32 Version: 2009.1111.1543.28169 - ATI) Hidden
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Citrix Online Launcher (HKLM-x32\...\{AFB80939-4486-49D8-A04E-2B05C0F2DE39}) (Version: 1.0.252 - Citrix)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
DealPly (HKU\.DEFAULT\...\DealPly) (Version:  - ) <==== ATTENTION
Der Kleine Turnierplaner 6.7.3.1a (HKLM-x32\...\Der_Deploy_0) (Version: 6.7.3.1a - Der Kleine Turnierplaner)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Game Park Console (HKLM-x32\...\{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1) (Version: 6.2.0.2 - Oberon Media, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{1241CE77-0B65-40A0-B893-02EA49E35332}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6259.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.2.50.1050 - Intel Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
Konfigurator Eumex 400 (HKLM-x32\...\Konfigurator Eumex 400) (Version:  - )
Lexmark 7300 Series (HKLM\...\Lexmark 7300 Series) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-774983500-107182102-3582295664-1000\...\MyFreeCodec) (Version:  - )
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
Rechnungsvorlage V2.30  (ab Excel 2000) V2.30  (HKLM-x32\...\Rechnungsvorlage V2.30  (ab Excel 2000)) (Version: V2.30 - EuEx©  Eugen Brisch)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1801}) (Version: 12.24.1.51 - APN, LLC) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{4DF1691E-8012-4E7C-89CF-3F7B9146DA6E}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.18 - Synaptics Incorporated)
syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables)
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.55133.208 - Sonix)
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

02-03-2015 22:08:08 Windows Update
02-03-2015 23:07:04 Avira System Speedup 1.6
04-03-2015 09:08:15 Installed Microsoft Fix it 50362
04-03-2015 09:10:43 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03E7FBCC-F8AA-4BB1-80F5-3D63C6AB4E07} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {1082EA69-86E6-4888-8A89-1C0D21E405DD} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe [2015-01-30] (Avira Operations GmbH & Co. KG)
Task: {116CC517-63D6-4945-A731-40F10340EABD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2A5BC64C-ED0D-49D3-8339-0D8D851CFD19} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{B740A0E1-DC44-46F9-B40E-A31D64FD4913}.exe
Task: {3017258D-18A0-45B5-9BE4-31CB642A7BDF} - System32\Tasks\{72C5D31F-F8B3-4C41-A127-E6696DA96487} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {310911A8-2141-4D2D-B122-924CEC1928D8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000UA => C:\Users\Schnagendorff\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {34143E3E-6588-47B7-8A76-DB9592B14039} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {3C367ADD-9927-4939-91FF-C8FBE83DC866} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {4B9CED8F-A97F-45A4-8FBD-4104E647A9C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {56D05305-8669-4A1C-859F-62C80EBB4A61} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-12-24] (ATK)
Task: {63557B4C-28C1-408D-ADCF-E2AAE5165F82} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {6628963D-8A47-4A8A-BCFE-26A99C89061B} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {87B011FD-C825-4E5B-9BDD-D48F08C16D1E} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {8810ECCD-3BF8-4667-99D5-837126FE6B21} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] ()
Task: {90CBF86E-7CBA-4DC5-A1A5-65E1A27CF1F4} - System32\Tasks\WinMaximizer-Schnagendorff-Startup => C:\Program Files (x86)\WinMaximizer\WinMaximizer.exe
Task: {C5CCF2C3-878A-465C-9E17-55CCAD012CF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {D2C2E0C0-42E4-449B-A73F-65D697470C0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {D8F13839-3313-4179-8B76-94536B433BB8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000Core => C:\Users\Schnagendorff\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {EAAC0014-DB6C-4752-9F2C-8F87F87402C6} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{A4CBAD87-9F74-4055-A55F-E6C19EAAAA4A}.exe
Task: {F1DB0D40-145A-44CD-8109-68A27C9BD307} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{A4CBAD87-9F74-4055-A55F-E6C19EAAAA4A}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{B740A0E1-DC44-46F9-B40E-A31D64FD4913}.exe <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000Core.job => C:\Users\Schnagendorff\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000UA.job => C:\Users\Schnagendorff\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WinMaximizer-Schnagendorff-Startup.job => C:\Program Files (x86)\WinMaximizer\WinMaximizer.exe

==================== Loaded Modules (whitelisted) ==============

2010-03-16 02:48 - 2010-03-16 02:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-08-06 20:09 - 2010-08-06 20:09 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-08-06 20:09 - 2010-08-06 20:09 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-08-06 20:31 - 2007-11-30 19:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-11-24 21:45 - 2009-11-24 21:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2009-12-23 21:12 - 2009-12-23 21:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2009-12-19 03:11 - 2009-12-19 03:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll
2008-10-01 07:02 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-01-05 01:43 - 2010-01-05 01:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2008-10-23 18:21 - 2008-10-23 18:21 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-06 20:23 - 2010-08-06 20:23 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-11-02 22:20 - 2009-11-02 22:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 22:23 - 2009-11-02 22:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2009-09-23 19:07 - 2009-09-23 19:07 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
2015-02-20 09:18 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 09:18 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 09:18 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2015-02-20 09:18 - 2015-02-17 23:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-774983500-107182102-3582295664-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Schnagendorff\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: Boingo Wi-Fi => "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: SearchProtection => C:\ProgramData\Search Protection\_run.bat
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

==================== Accounts: =============================

Administrator (S-1-5-21-774983500-107182102-3582295664-500 - Administrator - Disabled)
Gast (S-1-5-21-774983500-107182102-3582295664-501 - Limited - Disabled)
Schnagendorff (S-1-5-21-774983500-107182102-3582295664-1000 - Administrator - Enabled) => C:\Users\Schnagendorff

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2015 03:18:37 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (03/04/2015 03:18:37 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (03/02/2015 10:34:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Failed to Start the CVH service 1063

Error: (03/02/2015 09:36:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.0.5531, Zeitstempel: 0x54eb029a
Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.0.5531, Zeitstempel: 0x54eaf3b7
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001e02
ID des fehlerhaften Prozesses: 0x1470
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (03/02/2015 09:41:46 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (02/27/2015 10:37:46 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Schnagendorff01)
Description: Die Anwendung oder der Dienst "Avira Echtzeit-Scanner" konnte nicht heruntergefahren werden.

Error: (02/27/2015 10:37:46 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Schnagendorff01)
Description: Die Anwendung oder der Dienst "Avira Browser-Schutz" konnte nicht heruntergefahren werden.

Error: (02/24/2015 10:24:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"1".
Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/24/2015 10:24:32 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/24/2015 10:18:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"1".
Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (03/06/2015 08:33:03 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.

Error: (03/06/2015 08:33:03 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Net.Pipe-Listeneradapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.

Error: (03/06/2015 08:33:03 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Net.Msmq-Listeneradapter" ist von folgendem Dienst abhängig: msmq. Dieser Dienst ist eventuell nicht installiert.

Error: (03/05/2015 00:20:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (03/05/2015 00:19:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/05/2015 00:19:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/04/2015 03:16:59 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.

Error: (03/04/2015 03:16:59 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Net.Pipe-Listeneradapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.

Error: (03/04/2015 03:16:59 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Net.Msmq-Listeneradapter" ist von folgendem Dienst abhängig: msmq. Dieser Dienst ist eventuell nicht installiert.

Error: (03/04/2015 08:43:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069


Microsoft Office Sessions:
=========================
Error: (03/04/2015 03:18:37 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (03/04/2015 03:18:37 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (03/02/2015 10:34:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Failed to Start the CVH service 1063

Error: (03/02/2015 09:36:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.0.553154eb029amozalloc.dll36.0.0.553154eaf3b78000000300001e02147001d05524234d792eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlldacdd38e-c11b-11e4-8d8e-20cf302ffb6d

Error: (03/02/2015 09:41:46 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (02/27/2015 10:37:46 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Schnagendorff01)
Description: 0avguard.exeAvira Echtzeit-Scanner030171708143003A005C00570069006E0064006F00770073005C0053007900730057004F005700360034005C006D00660063003100300030006400650075002E0064006C006C000000

Error: (02/27/2015 10:37:46 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Schnagendorff01)
Description: 0avwebgrd.exeAvira Browser-Schutz0302621613020143003A005C00570069006E0064006F00770073005C0053007900730057004F005700360034005C006D00660063003100300030006400650075002E0064006C006C000000

Error: (02/24/2015 10:24:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"c:\program files (x86)\windows live\messenger\wlcsdk.exe

Error: (02/24/2015 10:24:32 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (02/24/2015 10:18:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"c:\program files (x86)\windows live\messenger\wlcsdk.exe


CodeIntegrity Errors:
===================================
  Date: 2013-04-14 08:52:30.909
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:30.744
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:27.560
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:27.341
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:25.103
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:24.852
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:22.445
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:22.274
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:20.059
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:19.887
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 45%
Total physical RAM: 3948.54 MB
Available physical RAM: 2169.95 MB
Total Pagefile: 7895.27 MB
Available Pagefile: 5183.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:45.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:329.79 GB) (Free:329.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=329.8 GB) - (Type=OF Extended)

==================== End Of Log ============================
Code:
Exportierte Ereignisse:

06.03.2015 11:37 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Schnagendorff\Downloads\Avira RegCleaner -
      CHIP-Installer.exe'
      enthielt einen Virus oder unerwünschtes Programm 'PUA/DownloadSponsor.Gen'
      [riskware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1ba80302.qua'
      verschoben!

06.03.2015 11:36 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Schnagendorff\Downloads\Avira RegCleaner -
      CHIP-Installer.exe'
      wurde ein Virus oder unerwünschtes Programm 'PUA/DownloadSponsor.Gen'
      [riskware] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

06.03.2015 11:36 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Schnagendorff\Downloads\Avira RegCleaner -
      CHIP-Installer.exe'
      wurde ein Virus oder unerwünschtes Programm 'PUA/DownloadSponsor.Gen'
      [riskware] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

03.03.2015 11:57 [System-Scanner] Malware gefunden
      Die Datei
      'C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\config\systemprofile\AppData\Roamin
      g\DealPly\UpdateProc\UpdateTask.exe.vir'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/DealPly.Gen' [adware].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
      Die Quelldatei konnte nicht gefunden werden.
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
      Die Datei existiert nicht!

03.03.2015 11:56 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Schnagendorff\Downloads\MyPhoneExplorer_Setup_1.8.6_CB-DL-Manager.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen'
      [adware].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
      Die Quelldatei konnte nicht gefunden werden.
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
      Die Datei existiert nicht!

03.03.2015 10:45 [System-Scanner] Malware gefunden
      Die Datei
      'C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\config\systemprofile\AppData\Roamin
      g\DealPly\UpdateProc\UpdateTask.exe.vir'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/DealPly.Gen' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48ba0387.qua'
      verschoben!

03.03.2015 10:44 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Schnagendorff\Downloads\MyPhoneExplorer_Setup_1.8.6_CB-DL-Manager.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50312c3d.qua'
      verschoben!

02.03.2015 23:34 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Schnagendorff\Downloads\wz185gev-32_CB-DL-Manager.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '505475db.qua'
      verschoben!

02.03.2015 23:32 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Schnagendorff\Downloads\wz185gev-32_CB-DL-Manager.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

schrauber 06.03.2015 12:37
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Schnagi 06.03.2015 12:42
Hallo Schrauber, habe es in meinem Beitrag editiert. Danke fürs erklären.

schrauber 06.03.2015 16:31
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    DealPly

    Search App by Ask


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schnagi 07.03.2015 11:23
Hallo Schrauber,
dealply konnte ich nicht finden zum uninstall und habe das aber mit search by ask wie o.a. gemacht.
Auch eine Suche nach Dealply hat nicht ergeben.

combofix habe ich installiert und durchlaufen lassen. ist durch aber erstellt seit ca. 45min eine Logdatei. Ich habe nun das Gefühl, dass sich da nichts mehr tut?! Was mache ich, wenn der Zustand die nächsten Stunden so bleibt? Combofix hat nicht gemeckert und einen Neustart gemacht bevor es zu dieser Verzögerung kam. Ich habe weder Maus noch irgendetwas anderes bewegt. Es wird ja davor gewarnt ein anderes Programm zu starten solange der Combofix aktiv ist. Was mache ich also?

schrauber 07.03.2015 18:38
Wenn es immer noch läuft beenden und ein frisches FRST log posten.

Schnagi 08.03.2015 11:02
Es lief heute morgen immer noch. Also beendet und scan gestartet.
Ich hoffe das war das Richtige.


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by Schnagendorff (administrator) on SCHNAGENDORFF01 on 08-03-2015 10:28:31
Running from C:\Users\Schnagendorff\Desktop
Loaded Profiles: Schnagendorff (Available profiles: Schnagendorff)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Facebook Inc.) C:\Users\Schnagendorff\AppData\Local\Facebook\Update\FacebookUpdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-08-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-27] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111928 2013-05-03] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704248 2015-03-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKU\S-1-5-18\...\RunOnce: [Del1054220420] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del14217494] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del196020638] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del11550189] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del100880838] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del286916508] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del357147612] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del467723976] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-774983500-107182102-3582295664-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51390;https=127.0.0.1:51390
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-774983500-107182102-3582295664-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D022115-A6B219395BABB4E59ADF&form=CONMHP&conlogo=CT3332005
HKU\S-1-5-21-774983500-107182102-3582295664-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-774983500-107182102-3582295664-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-774983500-107182102-3582295664-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-08-06] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2010-08-06] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-08-06] (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2010-08-06] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2010-08-06] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-08-06] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-08-06] (Google Inc.)
Toolbar: HKU\S-1-5-21-774983500-107182102-3582295664-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D022115-A6B219395BABB4E59ADF&form=CONMHP&conlogo=CT3332005
FF DefaultSearchUrl: hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=FF6138F0ADD1C3D1144DD7513B90F08B
FF SelectedSearchEngine: Bing
FF Homepage: https://www.google.de/
FF Keyword.URL:
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-774983500-107182102-3582295664-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Schnagendorff\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-774983500-107182102-3582295664-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Schnagendorff\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-01-17]
FF Extension: Avira Browser Safety - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\abs@avira.com [2015-02-25]
FF Extension: Lavasoft Search Plugin - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-03-09]
FF Extension: GMX MailCheck - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\toolbar@gmx.net [2015-02-27]
FF Extension: Zoom It - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{79e5e2aa-ce59-fdac-82a6-7bac7f83c4af} [2015-03-04]
FF Extension: Zoom It - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{942d977d-27a2-b922-0361-13155829595f} [2015-03-07]
FF Extension: DownloadHelper - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: OLB - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{C752FF21-A8EF-468E-B507-5BBAFB84359D} [2014-08-26]
FF Extension: entrusted  - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd} [2013-09-10]
FF Extension: Adblock Plus - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-25]
FF Extension: {e794c1e8-6f9e-4ddd-9918-bc7a784b7812} - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{e794c1e8-6f9e-4ddd-9918-bc7a784b7812}.xpi [2015-02-21]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-11-10]

Chrome:
=======
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-09]
CHR Extension: (Avira Browser Safety) - C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-02]
CHR Extension: (Google Wallet) - C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] -  [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] -  [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806192 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992048 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 lxci_device; C:\Windows\system32\lxcicoms.exe [452608 2006-05-15] ( )
S3 lxci_device; C:\Windows\SysWOW64\lxcicoms.exe [537520 2007-02-01] ( )
S4 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe [243712 2009-11-27] (IDT, Inc.)
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-08-25] (Synaptics Incorporated)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [105472 2006-12-08] (AVM GmbH) [File not signed]
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [706560 2006-12-08] (AVM Berlin) [File not signed]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-09] (GFI Software)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-08-25] (Synaptics Incorporated)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 10:28 - 2015-03-08 10:28 - 00000000 ____D () C:\Users\Schnagendorff\Desktop\FRST-OlderVersion
2015-03-07 13:42 - 2015-03-07 13:50 - 00000000 ____D () C:\ComboFix
2015-03-07 10:46 - 2015-03-07 12:30 - 00001092 _____ () C:\Windows\PFRO.log
2015-03-07 10:38 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-07 10:38 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-07 10:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-07 10:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-07 10:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-07 10:38 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-07 10:38 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-07 10:38 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-07 10:34 - 2015-03-07 10:34 - 05612482 ____R (Swearware) C:\Users\Schnagendorff\Desktop\ComboFix.exe
2015-03-07 10:22 - 2015-03-07 10:22 - 00000841 _____ () C:\Users\Schnagendorff\Desktop\Run Hunter Mode.lnk
2015-03-07 10:19 - 2015-03-07 10:24 - 00000000 ____D () C:\Qoobox
2015-03-07 10:18 - 2015-03-07 10:51 - 00000000 ____D () C:\Windows\erdnt
2015-03-07 10:13 - 2015-03-07 10:13 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2015-03-07 10:10 - 2015-03-07 10:10 - 00000771 _____ () C:\Users\Schnagendorff\Desktop\Revo Uninstaller.lnk
2015-03-07 10:09 - 2015-03-07 10:09 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Schnagendorff\Downloads\revosetup95.exe
2015-03-06 12:36 - 2015-03-06 12:36 - 00007822 _____ () C:\Users\Schnagendorff\Downloads\Avira Ereignisse.txt
2015-03-06 12:22 - 2015-03-06 12:22 - 00007822 _____ () C:\Users\Schnagendorff\Desktop\Avira Ereignisse.txt
2015-03-06 12:01 - 2015-03-06 12:01 - 00003828 _____ () C:\Users\Schnagendorff\Desktop\Gmer.txt
2015-03-06 11:44 - 2015-03-06 11:44 - 00380416 _____ () C:\Users\Schnagendorff\Desktop\Gmer-19357.exe
2015-03-06 11:41 - 2015-03-06 11:42 - 00038546 _____ () C:\Users\Schnagendorff\Desktop\Addition.txt
2015-03-06 11:40 - 2015-03-08 10:28 - 00021051 _____ () C:\Users\Schnagendorff\Desktop\FRST.txt
2015-03-06 11:40 - 2015-03-08 10:28 - 00000000 ____D () C:\FRST
2015-03-06 11:39 - 2015-03-08 10:28 - 02094592 _____ (Farbar) C:\Users\Schnagendorff\Desktop\FRST64.exe
2015-03-06 11:37 - 2015-03-06 11:38 - 00000488 _____ () C:\Users\Schnagendorff\Desktop\defogger_disable.log
2015-03-06 11:37 - 2015-03-06 11:37 - 00000000 _____ () C:\Users\Schnagendorff\defogger_reenable
2015-03-06 11:36 - 2015-03-06 11:36 - 00050477 _____ () C:\Users\Schnagendorff\Downloads\Defogger (1).exe
2015-03-06 11:34 - 2015-03-06 11:34 - 00050477 _____ () C:\Users\Schnagendorff\Desktop\Defogger.exe
2015-03-06 10:06 - 2015-03-06 10:13 - 00000000 ____D () C:\Users\Schnagendorff\Desktop\Global Well
2015-03-04 15:16 - 2015-03-07 12:30 - 00000336 _____ () C:\Windows\setupact.log
2015-03-04 15:16 - 2015-03-04 15:16 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-04 09:07 - 2015-03-04 09:08 - 00652800 _____ () C:\Users\Schnagendorff\Downloads\MicrosoftFixit50362.msi
2015-03-04 09:06 - 2015-03-04 09:06 - 00000420 _____ () C:\DelFix.txt
2015-03-04 08:32 - 2015-03-04 08:32 - 00000000 ____D () C:\Windows\Sun
2015-03-04 08:30 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-04 08:30 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-04 08:30 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-04 08:30 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-04 08:25 - 2015-03-04 08:25 - 00561576 _____ (Oracle Corporation) C:\Users\Schnagendorff\Downloads\chromeinstall-8u40.exe
2015-03-03 08:30 - 2015-03-03 08:30 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-03 08:29 - 2015-03-03 08:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-03 08:29 - 2015-03-03 08:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-02 23:45 - 2015-03-02 23:45 - 00243576 _____ () C:\Users\Schnagendorff\Downloads\Firefox Setup Stub 36.0.exe
2015-03-02 23:08 - 2015-03-04 08:57 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Local\AviraSpeedup
2015-03-02 23:08 - 2015-03-02 23:08 - 00001283 _____ () C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-03-02 23:08 - 2015-03-02 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-03-02 23:06 - 2015-03-02 23:06 - 04568832 _____ (2000 - 2015 Avira Operations GmbH & Co. KG ) C:\Users\Schnagendorff\Downloads\avira_speedup_ultimateprotectionsuite.exe
2015-03-02 23:06 - 2015-03-02 23:06 - 00003368 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2015-03-02 23:05 - 2015-03-02 23:05 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Avira
2015-03-02 23:04 - 2015-03-05 12:17 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-02 23:04 - 2015-03-05 12:17 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-02 23:04 - 2015-03-05 12:17 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-02 23:04 - 2015-03-02 23:04 - 00002028 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-03-02 23:04 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-02 23:00 - 2015-03-02 23:01 - 175605432 _____ () C:\Users\Schnagendorff\Downloads\avira_antivirus_pro_de.exe
2015-03-02 22:04 - 2015-03-02 22:04 - 04582672 _____ (Avira Operations & Co. KG) C:\Users\Schnagendorff\Downloads\avira_de_av_5881315009__ws.exe
2015-03-02 21:41 - 2015-03-02 21:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-03-02 21:39 - 2015-03-02 21:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-03-02 21:39 - 2015-03-02 21:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-03-02 21:39 - 2015-03-02 21:39 - 00000000 ____D () C:\Program Files\Synaptics
2015-03-02 21:38 - 2014-08-25 17:22 - 00750320 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2015-03-02 21:38 - 2014-08-25 17:22 - 00546032 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2015-03-02 21:38 - 2014-08-25 17:22 - 00407280 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2015-03-02 21:38 - 2014-08-25 17:22 - 00255216 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2015-03-02 21:38 - 2014-08-25 17:22 - 00208624 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo20.dll
2015-03-02 21:38 - 2014-08-25 17:22 - 00031472 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2015-03-02 21:38 - 2013-04-16 18:33 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2015-03-02 21:33 - 2015-03-02 21:50 - 00000000 ____D () C:\drivertemp
2015-03-02 21:15 - 2015-03-02 21:15 - 05777320 _____ (SuperEasy Software GmbH & Co. KG ) C:\Users\Schnagendorff\Downloads\supereasy_driver_updater_1.1.1_7870.exe
2015-03-02 21:15 - 2015-03-02 21:15 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Nitro PDF
2015-03-02 20:54 - 2015-03-02 20:54 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Chip Digital GmbH
2015-03-02 09:42 - 2015-03-02 09:42 - 00001169 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-03-02 09:41 - 2015-03-02 09:41 - 04582672 _____ (Avira Operations & Co. KG) C:\Users\Schnagendorff\Downloads\avira_de_uppro_21353280_w9qz89wi8m2jo9ezvl6r_wd.exe
2015-03-02 09:41 - 2015-03-02 09:41 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-27 14:29 - 2015-02-27 14:29 - 00000000 _____ () C:\Users\Schnagendorff\Desktop\Neue Bitmap (2).bmp
2015-02-25 14:30 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 14:30 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 09:28 - 2015-02-25 09:28 - 01494894 _____ () C:\Users\Schnagendorff\Desktop\Präsentation Yo-You-Effekt 2.pptx
2015-02-21 11:17 - 2015-02-21 11:17 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\dlg
2015-02-21 11:15 - 2015-02-21 11:15 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Nitro
2015-02-21 11:15 - 2015-02-21 11:15 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\FileOpen
2015-02-21 11:15 - 2015-02-21 11:15 - 00000000 ____D () C:\ProgramData\FileOpen
2015-02-21 11:14 - 2015-02-21 11:14 - 00002499 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk
2015-02-21 11:14 - 2015-02-21 11:14 - 00002005 _____ () C:\Users\Public\Desktop\Nitro Reader.lnk
2015-02-21 11:14 - 2015-02-21 11:14 - 00000000 ____D () C:\ProgramData\Nitro
2015-02-21 11:14 - 2015-02-21 11:14 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2015-02-21 11:14 - 2015-02-21 11:14 - 00000000 ____D () C:\Program Files (x86)\Nitro
2015-02-21 11:14 - 2013-07-26 06:57 - 00029712 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon2.dll
2015-02-21 11:14 - 2013-07-26 06:57 - 00017936 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui2.dll
2015-02-21 11:09 - 2015-02-21 11:13 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Downloaded Installations
2015-02-21 11:08 - 2015-02-25 12:49 - 00002960 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-02-21 11:08 - 2015-02-25 12:49 - 00002960 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-02-21 11:08 - 2015-02-18 11:55 - 00372264 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-02-21 11:08 - 2015-02-18 11:55 - 00326240 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-02-13 10:49 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 10:49 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 10:49 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 10:49 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 08:53 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 08:53 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 08:53 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 08:53 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 08:53 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 08:53 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 08:53 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 08:53 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 08:53 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 08:53 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 08:53 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 08:53 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 08:53 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 08:53 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 08:53 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 08:53 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 08:53 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 08:53 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 08:53 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 08:53 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 08:53 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 08:53 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 08:53 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 08:53 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 08:53 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 08:53 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 08:53 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 08:53 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 08:53 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 08:53 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 08:53 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 08:53 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 08:53 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 08:53 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 08:53 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 08:53 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 08:53 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 08:53 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 08:53 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 08:53 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 08:53 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 08:53 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 08:53 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 08:53 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 08:53 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 08:53 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 08:53 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 08:53 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 08:53 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 08:53 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 08:53 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 08:53 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 08:53 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 08:53 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 08:52 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 08:52 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 08:52 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 08:52 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 08:52 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 08:52 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 08:52 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 08:52 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 08:52 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 08:52 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 08:52 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 08:52 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 08:52 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 08:52 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 08:52 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 08:52 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 08:52 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 08:52 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 08:52 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 08:52 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 08:52 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 08:52 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 08:52 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 08:52 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 08:52 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 08:52 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 08:52 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 08:52 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 08:52 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 08:52 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 08:52 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 08:52 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 08:51 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 08:51 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 08:51 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 08:51 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 08:51 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 10:25 - 2012-07-11 12:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-08 10:25 - 2011-10-09 19:57 - 00001170 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000UA.job
2015-03-08 10:25 - 2010-08-06 20:09 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 10:25 - 2010-08-06 20:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 19:46 - 2011-10-09 19:57 - 00001148 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000Core.job
2015-03-07 13:48 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-07 13:42 - 2010-08-06 19:49 - 01152233 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 12:40 - 2009-07-14 05:45 - 00018832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-07 12:40 - 2009-07-14 05:45 - 00018832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 12:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-06 12:47 - 2010-10-12 08:04 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Adobe
2015-03-06 11:37 - 2010-10-11 21:00 - 00000000 ____D () C:\Users\Schnagendorff
2015-03-04 15:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-04 08:28 - 2014-01-15 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-04 08:27 - 2014-01-15 13:36 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-04 08:27 - 2014-01-15 13:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-04 08:27 - 2014-01-15 13:35 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-02 23:40 - 2010-10-12 08:32 - 00000000 ____D () C:\Users\Schnagendorff\Desktop\Anwendungen
2015-03-02 23:37 - 2010-08-06 20:31 - 00001608 _____ () C:\Windows\system32\ServiceFilter.ini
2015-03-02 23:36 - 2009-07-14 05:45 - 00409144 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-02 23:11 - 2011-02-10 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-03-02 23:08 - 2010-10-11 21:00 - 00109696 _____ () C:\Users\Schnagendorff\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-02 23:06 - 2013-03-10 11:23 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-02 23:04 - 2013-03-10 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-02 23:04 - 2011-10-21 07:53 - 00000000 ____D () C:\ProgramData\Avira
2015-03-02 21:56 - 2010-08-06 20:31 - 00002254 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-03-02 21:45 - 2009-08-04 10:51 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2015-03-02 21:45 - 2009-08-04 10:51 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2015-03-02 21:45 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-02 21:41 - 2010-08-06 20:18 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-03-02 09:50 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-25 13:10 - 2014-07-01 13:35 - 00000000 ____D () C:\ProgramData\eBay
2015-02-25 13:08 - 2015-01-21 19:06 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Local\Citrix
2015-02-25 12:49 - 2013-03-09 20:46 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-24 22:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-20 13:27 - 2011-04-10 12:24 - 00000000 ____D () C:\Users\Schnagendorff\Documents\Axel Praxis
2015-02-13 11:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-11 20:12 - 2014-12-15 12:41 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 20:12 - 2014-05-06 12:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 18:27 - 2011-04-11 09:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 18:27 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 18:23 - 2013-07-27 12:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 18:15 - 2010-10-12 08:19 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2011-12-01 12:33 - 2011-12-01 12:33 - 0000000 _____ () C:\Users\Schnagendorff\AppData\Local\{7D926FC1-751A-4CAB-9431-B0CE41AE8D81}
2012-11-10 16:23 - 2012-11-10 16:23 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-08-06 20:09 - 2009-12-24 13:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-08-06 20:04 - 2010-08-06 20:05 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-08-06 20:04 - 2010-08-06 20:04 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-24 22:09

==================== End Of Log ============================
--- --- ---

--- --- ---


Ach ja. Und wenn ich Dateien öffnen möchte erhalte ich die Fehlermeldung : Es wurde versucht, einem Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
Programme kann ich dann als Administrator starten - Dateien lassen sich aber gar nicht öffnen.

schrauber 08.03.2015 19:00
Zitat:
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.
;).


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Schnagi 08.03.2015 20:45
Sorry - ich hatte den Rechner mehrfach neu gestartet aber die Fehlermeldung blieb. Hatte ich aber vergessen zu erwähnen.

Es geht los:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 08.03.2015
Suchlauf-Zeit: 19:46:43
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.11.20.06
Rootkit Datenbank: v2014.11.18.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Schnagendorff

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 323823
Verstrichene Zeit: 18 Min, 25 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 5
PUP.Optional.SearchApp.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf, In Quarantäne, [28de8db1710be25463bf1c27758ed62a],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [3ec82b13790394a295ccc3edd52f956b],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantäne, [ba4c8eb0c2ba5cda8cd4872983817d83],
PUP.Optional.SearchApp.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf, In Quarantäne, [5fa7d06e96e620162df573d0a75ceb15],
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, Löschen bei Neustart, [6e9863db43393afcd75bade6cf3546ba],

Registrierungswerte: 1
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, Löschen bei Neustart, [6e9863db43393afcd75bade6cf3546ba],

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 2
PUP.Optional.Conduit.A, C:\Users\Schnagendorff\AppData\Local\TB\APISupport, In Quarantäne, [848254eae19bff371f7ad34d669d10f0],
PUP.Optional.Conduit.A, C:\Users\Schnagendorff\AppData\Local\TB\APISupport\MiniSP_1.0.4.9, In Quarantäne, [848254eae19bff371f7ad34d669d10f0],

Dateien: 11
Adware.ADON, C:\Users\Schnagendorff\Downloads\Setup_ClearProg_1.6.0_Final.exe, In Quarantäne, [d82ef747126ad16504a691c5ff062fd1],
PUP.Optional.SweetIM, C:\Users\Schnagendorff\Downloads\FlashPlayerSDM.exe, In Quarantäne, [5baba49abdbf023451469fd5b0553ec2],
PUP.Optional.RegCleanerPro, C:\Users\Schnagendorff\Downloads\rcpsetup_2005_file.net_ab_DE-iFFHint.exe, In Quarantäne, [e521ba841567d06680a1d05538c99b65],
PUP.Optional.ClientConnect, C:\Users\Schnagendorff\AppData\Local\TB\APISupport\APISupport.dll, In Quarantäne, [798d8ab4e09c43f36077eccdcd3403fd],
PUP.Optional.ClientConnect, C:\Users\Schnagendorff\AppData\Local\TB\APISupport\APISupport.old, In Quarantäne, [9274ed5198e485b13a9da613f40d758b],
PUP.Optional.SweetIM, C:\Windows\Installer\aff4041.msi, In Quarantäne, [21e577c734489e98aaed89eb1ee712ee],
PUP.Optional.SweetIM, C:\Windows\Installer\aff4048.msi, In Quarantäne, [fc0ac6781963bb7bafe84d278085748c],
PUP.Optional.SweetIM, C:\Windows\Installer\aff404f.msi, In Quarantäne, [947270ced6a659ddfd9a571d6b9a4db3],
PUP.Optional.Conduit.A, C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.vaccint.com_0.localstorage-journal, In Quarantäne, [907672cc304c9b9b8301d886877cd62a],
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, In Quarantäne, [9472d66816669d99f76d565a51b3bc44],
PUP.Optional.Conduit.A, C:\Users\Schnagendorff\AppData\Local\TB\APISupport\MiniSP_1.0.4.9\MiniSP32.dll, In Quarantäne, [848254eae19bff371f7ad34d669d10f0],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Code:
# AdwCleaner v4.111 - Bericht erstellt 08/03/2015 um 20:23:01
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-05.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Schnagendorff - SCHNAGENDORFF01
# Gestarted von : C:\Users\Schnagendorff\Desktop\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v36.0 (x86 de)

[e3y8gbvs.default\prefs.js] - Zeile Gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]

-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R0].txt - [1403 Bytes] - [08/03/2015 20:19:58]
AdwCleaner[S0].txt - [1274 Bytes] - [08/03/2015 20:23:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1333  Bytes] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Premium x64
Ran by Schnagendorff on 08.03.2015 at 20:28:40,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\classes\typelib\{006ad7b2-968a-11de-88c9-5bde55d89593}"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Schnagendorff\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Schnagendorff\AppData\Roaming\mozilla\firefox\profiles\e3y8gbvs.default\smartbar
Successfully deleted: [Folder] C:\Users\Schnagendorff\AppData\Roaming\mozilla\firefox\profiles\e3y8gbvs.default\extensions\staged
Successfully deleted: [Folder] C:\Users\Schnagendorff\AppData\Roaming\mozilla\firefox\profiles\e3y8gbvs.default\extensions\toolbar@gmx.net
Successfully deleted the following from C:\Users\Schnagendorff\AppData\Roaming\mozilla\firefox\profiles\e3y8gbvs.default\prefs.js

user_pref("CT3281675.1000082.isPlayDisplay", "true");
user_pref("CT3281675.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.
user_pref("CT3281675.1000234.TWC_TMP_city", "MUENCHEN");
user_pref("CT3281675.1000234.TWC_TMP_country", "DE");
user_pref("CT3281675.1000234.TWC_country", "GERMANY");
user_pref("CT3281675.1000234.TWC_locId", "GMBY0074");
user_pref("CT3281675.1000234.TWC_location", "Muenchen, Germany");
user_pref("CT3281675.1000234.TWC_region", "DE");
user_pref("CT3281675.1000234.TWC_temp_dis", "c");
user_pref("CT3281675.1000234.TWC_wind_dis", "kmh");
user_pref("CT3281675.1000234.weatherData", "{\"icon\":\"11.png\",\"temperature\":\"11°C\",\"temperatureClear\":\"11°C\",\"highTemperature\":\"11°C\",\"lowTemperature\":\"5°C\"
user_pref("CT3281675.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3281675.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3281675.FirstTime", "true");
user_pref("CT3281675.FirstTimeFF3", "true");
user_pref("CT3281675.PG_ENABLE", "dHJ1ZQ==");
user_pref("CT3281675.UserID", "UN56712697771731479");
user_pref("CT3281675.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3281675.amazonNew_All.enc", "MjM0MzkxLDM3NTUxNTEsMzgxMTA5MSwzNzg3MDgxLDIwMTMwNjdoQUJ4YjQ0MFNRU2NaTXZvNzhZaEpRLDM4MDA1NzEsMzgxMTMwMSwyMzQ3MTEsMzgyODgzMSwzODI4ODExL
user_pref("CT3281675.appButtonDisablenull.enc", "MA==");
user_pref("CT3281675.autoDisableScopes", -1);
user_pref("CT3281675.browser.search.defaultthis.engineName", true);
user_pref("CT3281675.defaultSearch", "true");
user_pref("CT3281675.enableAlerts", "always");
user_pref("CT3281675.enableFix404ByUser", "FALSE");
user_pref("CT3281675.enableSearchFromAddressBar", "true");
user_pref("CT3281675.firstTimeDialogOpened", "true");
user_pref("CT3281675.fixPageNotFoundError", "true");
user_pref("CT3281675.fixPageNotFoundErrorByUser", "true");
user_pref("CT3281675.fixPageNotFoundErrorInHidden", "true");
user_pref("CT3281675.fixUrls", true);
user_pref("CT3281675.homepageuserchanged", true);
user_pref("CT3281675.hxxp___pinterest_aot_im.isEnabled.enc", "WQ==");
user_pref("CT3281675.isCheckedStartAsHidden", true);
user_pref("CT3281675.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3281675.isFirstTimeToolbarLoading", "false");
user_pref("CT3281675.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3281675.keyword", true);
user_pref("CT3281675.lastVersion", "10.14.65.43");
user_pref("CT3281675.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
user_pref("CT3281675.migrateAppsAndComponents", true);
user_pref("CT3281675.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp:/
user_pref("CT3281675.openThankYouPage", "false");
user_pref("CT3281675.openUninstallPage", "true");
user_pref("CT3281675.price-gong.isManagedApp", "true");
user_pref("CT3281675.revertSettingsEnabled", "false");
user_pref("CT3281675.search.searchAppId", "130036105453116013");
user_pref("CT3281675.search.searchCount", "0");
user_pref("CT3281675.searchFromAddressBarEnabledByUser", "true");
user_pref("CT3281675.searchInNewTabEnabledByUser", "true");
user_pref("CT3281675.searchInNewTabEnabledInHidden", "true");
user_pref("CT3281675.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3281675.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3281675.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT3281675.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3281675\"}");
user_pref("CT3281675.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://entrusted.OurToolbar.com//xpi\"}");
user_pref("CT3281675.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"entrusted\"}");
user_pref("CT3281675.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3281675.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1362857400344");
user_pref("CT3281675.serviceLayer_services_appsMetadata_lastUpdate", "1362857400286");
user_pref("CT3281675.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1362857400178");
user_pref("CT3281675.serviceLayer_services_location_lastUpdate", "1362857396373");
user_pref("CT3281675.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363166442727");
user_pref("CT3281675.serviceLayer_services_menu_bfd1c71334f926ecd0bf043e0f822c7e_lastUpdate", "1362917736232");
user_pref("CT3281675.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1362857400236");
user_pref("CT3281675.serviceLayer_services_searchAPI_lastUpdate", "1362857396587");
user_pref("CT3281675.serviceLayer_services_serviceMap_lastUpdate", "1363104187049");
user_pref("CT3281675.serviceLayer_services_setupAPI_lastUpdate", "1362857398995");
user_pref("CT3281675.serviceLayer_services_toolbarContextMenu_lastUpdate", "1362857400124");
user_pref("CT3281675.serviceLayer_services_toolbarSettings_lastUpdate", "1363166442629");
user_pref("CT3281675.serviceLayer_services_translation_lastUpdate", "1363104187325");
user_pref("CT3281675.settingsINI", true);
user_pref("CT3281675.shouldFirstTimeDialog", "false");
user_pref("CT3281675.startPage", "true");
user_pref("CT3281675.toolbarBornServerTime", "9-3-2013");
user_pref("CT3281675.toolbarCurrentServerTime", "13-3-2013");
user_pref("CT3281675.toolbarDisabled", "true");
user_pref("CT3281675.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
user_pref("CT3281675_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1363167589404,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("browser.search.defaulturl", "hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=FF6138F0ADD1C3D1144DD7513B90F08B");
Emptied folder: C:\Users\Schnagendorff\AppData\Roaming\mozilla\firefox\profiles\e3y8gbvs.default\minidumps [2098 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.03.2015 at 20:34:08,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
Ran by Schnagendorff (administrator) on SCHNAGENDORFF01 on 08-03-2015 20:37:33
Running from C:\Users\Schnagendorff\Desktop
Loaded Profiles: Schnagendorff (Available profiles: Schnagendorff)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(ASUS) C:\Windows\AsScrPro.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Sonix Technology Co., Ltd.) C:\Windows\vsnp2uvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Thisisu) C:\Users\Schnagendorff\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-08-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-27] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111928 2013-05-03] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704248 2015-03-05] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-18\...\RunOnce: [Del1054220420] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del14217494] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del196020638] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del11550189] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del100880838] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del286916508] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del357147612] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del467723976] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-774983500-107182102-3582295664-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51390;https=127.0.0.1:51390
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-774983500-107182102-3582295664-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D022115-A6B219395BABB4E59ADF&form=CONMHP&conlogo=CT3332005
HKU\S-1-5-21-774983500-107182102-3582295664-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-774983500-107182102-3582295664-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-774983500-107182102-3582295664-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-08-06] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2010-08-06] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-08-06] (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2010-08-06] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2010-08-06] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-08-06] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-08-06] (Google Inc.)
Toolbar: HKU\S-1-5-21-774983500-107182102-3582295664-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D022115-A6B219395BABB4E59ADF&form=CONMHP&conlogo=CT3332005
FF SelectedSearchEngine: Bing
FF Homepage: https://www.google.de/
FF Keyword.URL:
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-774983500-107182102-3582295664-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Schnagendorff\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-774983500-107182102-3582295664-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Schnagendorff\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-01-17]
FF Extension: Avira Browser Safety - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\abs@avira.com [2015-02-25]
FF Extension: Lavasoft Search Plugin - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-03-09]
FF Extension: Zoom It - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{79e5e2aa-ce59-fdac-82a6-7bac7f83c4af} [2015-03-04]
FF Extension: Zoom It - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{942d977d-27a2-b922-0361-13155829595f} [2015-03-07]
FF Extension: DownloadHelper - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: OLB - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{C752FF21-A8EF-468E-B507-5BBAFB84359D} [2014-08-26]
FF Extension: entrusted  - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd} [2013-09-10]
FF Extension: Adblock Plus - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-25]
FF Extension: {e794c1e8-6f9e-4ddd-9918-bc7a784b7812} - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{e794c1e8-6f9e-4ddd-9918-bc7a784b7812}.xpi [2015-02-21]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-11-10]

Chrome:
=======
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-09]
CHR Extension: (Avira Browser Safety) - C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-02]
CHR Extension: (Google Wallet) - C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806192 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992048 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 lxci_device; C:\Windows\system32\lxcicoms.exe [452608 2006-05-15] ( )
S3 lxci_device; C:\Windows\SysWOW64\lxcicoms.exe [537520 2007-02-01] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe [243712 2009-11-27] (IDT, Inc.)
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-08-25] (Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [105472 2006-12-08] (AVM GmbH) [File not signed]
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [706560 2006-12-08] (AVM Berlin) [File not signed]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-09] (GFI Software)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-08-25] (Synaptics Incorporated)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 20:37 - 2015-03-08 20:38 - 00022630 _____ () C:\Users\Schnagendorff\Desktop\FRST.txt
2015-03-08 20:37 - 2015-03-08 20:37 - 00000000 ____D () C:\Users\Schnagendorff\Desktop\FRST-OlderVersion
2015-03-08 20:34 - 2015-03-08 20:34 - 00008712 _____ () C:\Users\Schnagendorff\Desktop\JRT.txt
2015-03-08 20:27 - 2015-03-08 20:27 - 01388333 _____ (Thisisu) C:\Users\Schnagendorff\Desktop\JRT.exe
2015-03-08 20:26 - 2015-03-08 20:26 - 00001413 _____ () C:\Users\Schnagendorff\Desktop\AdwCleaner[S0].txt
2015-03-08 20:18 - 2015-03-08 20:23 - 00000000 ____D () C:\AdwCleaner
2015-03-08 20:18 - 2015-03-08 20:18 - 02126848 _____ () C:\Users\Schnagendorff\Desktop\AdwCleaner_4.111.exe
2015-03-08 20:17 - 2015-03-08 20:17 - 00003935 _____ () C:\Users\Schnagendorff\Desktop\mbam.txt
2015-03-08 20:13 - 2015-03-08 20:14 - 00000000 ____D () C:\Users\Schnagendorff\Desktop\Trojaner Board
2015-03-08 19:45 - 2015-03-08 20:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 19:45 - 2015-03-08 19:45 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-08 19:45 - 2015-03-08 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-08 19:45 - 2015-03-08 19:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-08 19:45 - 2015-03-08 19:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-08 19:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-08 19:45 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-08 19:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-08 19:41 - 2015-03-08 19:41 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Schnagendorff\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-07 13:42 - 2015-03-07 13:50 - 00000000 ____D () C:\ComboFix
2015-03-07 10:46 - 2015-03-08 20:23 - 00005750 _____ () C:\Windows\PFRO.log
2015-03-07 10:38 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-07 10:38 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-07 10:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-07 10:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-07 10:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-07 10:38 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-07 10:38 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-07 10:38 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-07 10:34 - 2015-03-07 10:34 - 05612482 ____R (Swearware) C:\Users\Schnagendorff\Desktop\ComboFix.exe
2015-03-07 10:22 - 2015-03-07 10:22 - 00000841 _____ () C:\Users\Schnagendorff\Desktop\Run Hunter Mode.lnk
2015-03-07 10:19 - 2015-03-07 10:24 - 00000000 ____D () C:\Qoobox
2015-03-07 10:18 - 2015-03-07 10:51 - 00000000 ____D () C:\Windows\erdnt
2015-03-07 10:10 - 2015-03-07 10:10 - 00000771 _____ () C:\Users\Schnagendorff\Desktop\Revo Uninstaller.lnk
2015-03-07 10:09 - 2015-03-07 10:09 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Schnagendorff\Downloads\revosetup95.exe
2015-03-06 12:36 - 2015-03-06 12:36 - 00007822 _____ () C:\Users\Schnagendorff\Downloads\Avira Ereignisse.txt
2015-03-06 11:44 - 2015-03-06 11:44 - 00380416 _____ () C:\Users\Schnagendorff\Desktop\Gmer-19357.exe
2015-03-06 11:40 - 2015-03-08 20:37 - 00000000 ____D () C:\FRST
2015-03-06 11:39 - 2015-03-08 20:37 - 02095104 _____ (Farbar) C:\Users\Schnagendorff\Desktop\FRST64.exe
2015-03-06 11:37 - 2015-03-06 11:37 - 00000000 _____ () C:\Users\Schnagendorff\defogger_reenable
2015-03-06 11:36 - 2015-03-06 11:36 - 00050477 _____ () C:\Users\Schnagendorff\Downloads\Defogger (1).exe
2015-03-06 11:34 - 2015-03-06 11:34 - 00050477 _____ () C:\Users\Schnagendorff\Desktop\Defogger.exe
2015-03-06 10:06 - 2015-03-06 10:13 - 00000000 ____D () C:\Users\Schnagendorff\Desktop\Global Well
2015-03-04 15:16 - 2015-03-08 20:23 - 00000504 _____ () C:\Windows\setupact.log
2015-03-04 15:16 - 2015-03-04 15:16 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-04 09:07 - 2015-03-04 09:08 - 00652800 _____ () C:\Users\Schnagendorff\Downloads\MicrosoftFixit50362.msi
2015-03-04 09:06 - 2015-03-04 09:06 - 00000420 _____ () C:\DelFix.txt
2015-03-04 08:32 - 2015-03-04 08:32 - 00000000 ____D () C:\Windows\Sun
2015-03-04 08:30 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-04 08:30 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-04 08:30 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-04 08:30 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-04 08:25 - 2015-03-04 08:25 - 00561576 _____ (Oracle Corporation) C:\Users\Schnagendorff\Downloads\chromeinstall-8u40.exe
2015-03-03 08:30 - 2015-03-03 08:30 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-03 08:29 - 2015-03-03 08:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-03 08:29 - 2015-03-03 08:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-02 23:45 - 2015-03-02 23:45 - 00243576 _____ () C:\Users\Schnagendorff\Downloads\Firefox Setup Stub 36.0.exe
2015-03-02 23:08 - 2015-03-04 08:57 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Local\AviraSpeedup
2015-03-02 23:08 - 2015-03-02 23:08 - 00001283 _____ () C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-03-02 23:08 - 2015-03-02 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-03-02 23:06 - 2015-03-02 23:06 - 04568832 _____ (2000 - 2015 Avira Operations GmbH & Co. KG ) C:\Users\Schnagendorff\Downloads\avira_speedup_ultimateprotectionsuite.exe
2015-03-02 23:06 - 2015-03-02 23:06 - 00003368 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2015-03-02 23:05 - 2015-03-02 23:05 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Avira
2015-03-02 23:04 - 2015-03-05 12:17 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-02 23:04 - 2015-03-05 12:17 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-02 23:04 - 2015-03-05 12:17 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-02 23:04 - 2015-03-02 23:04 - 00002028 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-03-02 23:04 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-02 23:00 - 2015-03-02 23:01 - 175605432 _____ () C:\Users\Schnagendorff\Downloads\avira_antivirus_pro_de.exe
2015-03-02 22:04 - 2015-03-02 22:04 - 04582672 _____ (Avira Operations & Co. KG) C:\Users\Schnagendorff\Downloads\avira_de_av_5881315009__ws.exe
2015-03-02 21:41 - 2015-03-02 21:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-03-02 21:39 - 2015-03-02 21:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-03-02 21:39 - 2015-03-02 21:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-03-02 21:39 - 2015-03-02 21:39 - 00000000 ____D () C:\Program Files\Synaptics
2015-03-02 21:38 - 2014-08-25 17:22 - 00750320 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2015-03-02 21:38 - 2014-08-25 17:22 - 00546032 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2015-03-02 21:38 - 2014-08-25 17:22 - 00407280 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2015-03-02 21:38 - 2014-08-25 17:22 - 00255216 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2015-03-02 21:38 - 2014-08-25 17:22 - 00208624 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo20.dll
2015-03-02 21:38 - 2014-08-25 17:22 - 00031472 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2015-03-02 21:38 - 2013-04-16 18:33 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2015-03-02 21:33 - 2015-03-02 21:50 - 00000000 ____D () C:\drivertemp
2015-03-02 21:15 - 2015-03-02 21:15 - 05777320 _____ (SuperEasy Software GmbH & Co. KG ) C:\Users\Schnagendorff\Downloads\supereasy_driver_updater_1.1.1_7870.exe
2015-03-02 21:15 - 2015-03-02 21:15 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Nitro PDF
2015-03-02 20:54 - 2015-03-02 20:54 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Chip Digital GmbH
2015-03-02 09:42 - 2015-03-02 09:42 - 00001169 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-03-02 09:41 - 2015-03-02 09:41 - 04582672 _____ (Avira Operations & Co. KG) C:\Users\Schnagendorff\Downloads\avira_de_uppro_21353280_w9qz89wi8m2jo9ezvl6r_wd.exe
2015-03-02 09:41 - 2015-03-02 09:41 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-27 14:29 - 2015-02-27 14:29 - 00000000 _____ () C:\Users\Schnagendorff\Desktop\Neue Bitmap (2).bmp
2015-02-25 14:30 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 14:30 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 09:28 - 2015-02-25 09:28 - 01494894 _____ () C:\Users\Schnagendorff\Desktop\Präsentation Yo-You-Effekt 2.pptx
2015-02-21 11:17 - 2015-02-21 11:17 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\dlg
2015-02-21 11:15 - 2015-02-21 11:15 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Nitro
2015-02-21 11:15 - 2015-02-21 11:15 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\FileOpen
2015-02-21 11:15 - 2015-02-21 11:15 - 00000000 ____D () C:\ProgramData\FileOpen
2015-02-21 11:14 - 2015-02-21 11:14 - 00002499 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk
2015-02-21 11:14 - 2015-02-21 11:14 - 00002005 _____ () C:\Users\Public\Desktop\Nitro Reader.lnk
2015-02-21 11:14 - 2015-02-21 11:14 - 00000000 ____D () C:\ProgramData\Nitro
2015-02-21 11:14 - 2015-02-21 11:14 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2015-02-21 11:14 - 2015-02-21 11:14 - 00000000 ____D () C:\Program Files (x86)\Nitro
2015-02-21 11:14 - 2013-07-26 06:57 - 00029712 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon2.dll
2015-02-21 11:14 - 2013-07-26 06:57 - 00017936 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui2.dll
2015-02-21 11:09 - 2015-02-21 11:13 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Downloaded Installations
2015-02-21 11:08 - 2015-02-25 12:49 - 00002960 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-02-21 11:08 - 2015-02-25 12:49 - 00002960 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-02-21 11:08 - 2015-02-18 11:55 - 00372264 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-02-21 11:08 - 2015-02-18 11:55 - 00326240 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-02-13 10:49 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 10:49 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 10:49 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 10:49 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 08:53 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 08:53 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 08:53 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 08:53 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 08:53 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 08:53 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 08:53 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 08:53 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 08:53 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 08:53 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 08:53 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 08:53 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 08:53 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 08:53 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 08:53 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 08:53 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 08:53 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 08:53 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 08:53 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 08:53 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 08:53 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 08:53 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 08:53 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 08:53 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 08:53 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 08:53 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 08:53 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 08:53 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 08:53 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 08:53 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 08:53 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 08:53 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 08:53 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 08:53 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 08:53 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 08:53 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 08:53 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 08:53 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 08:53 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 08:53 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 08:53 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 08:53 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 08:53 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 08:53 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 08:53 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 08:53 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 08:53 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 08:53 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 08:53 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 08:53 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 08:53 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 08:53 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 08:53 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 08:53 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 08:52 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 08:52 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 08:52 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 08:52 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 08:52 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 08:52 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 08:52 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 08:52 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 08:52 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 08:52 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 08:52 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 08:52 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 08:52 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 08:52 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 08:52 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 08:52 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 08:52 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 08:52 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 08:52 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 08:52 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 08:52 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 08:52 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 08:52 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 08:52 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 08:52 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 08:52 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 08:52 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 08:52 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 08:52 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 08:52 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 08:52 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 08:52 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 08:51 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 08:51 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 08:51 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 08:51 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 08:51 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 20:37 - 2010-08-06 19:49 - 01201557 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 20:34 - 2012-07-11 12:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-08 20:32 - 2009-07-14 05:45 - 00018832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 20:32 - 2009-07-14 05:45 - 00018832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 20:30 - 2009-08-04 10:51 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2015-03-08 20:30 - 2009-08-04 10:51 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2015-03-08 20:30 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-08 20:24 - 2010-08-06 20:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-08 20:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 20:09 - 2010-08-06 20:31 - 00001634 _____ () C:\Windows\system32\ServiceFilter.ini
2015-03-08 20:07 - 2014-05-02 20:40 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Local\TB
2015-03-08 19:53 - 2010-08-06 20:09 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 10:33 - 2011-10-09 19:57 - 00001148 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000Core.job
2015-03-08 10:25 - 2011-10-09 19:57 - 00001170 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000UA.job
2015-03-07 13:48 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-06 12:47 - 2010-10-12 08:04 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Adobe
2015-03-06 11:37 - 2010-10-11 21:00 - 00000000 ____D () C:\Users\Schnagendorff
2015-03-04 15:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-04 08:28 - 2014-01-15 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-04 08:27 - 2014-01-15 13:36 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-04 08:27 - 2014-01-15 13:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-04 08:27 - 2014-01-15 13:35 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-02 23:40 - 2010-10-12 08:32 - 00000000 ____D () C:\Users\Schnagendorff\Desktop\Anwendungen
2015-03-02 23:36 - 2009-07-14 05:45 - 00409144 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-02 23:11 - 2011-02-10 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-03-02 23:08 - 2010-10-11 21:00 - 00109696 _____ () C:\Users\Schnagendorff\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-02 23:06 - 2013-03-10 11:23 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-02 23:04 - 2013-03-10 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-02 23:04 - 2011-10-21 07:53 - 00000000 ____D () C:\ProgramData\Avira
2015-03-02 21:56 - 2010-08-06 20:31 - 00002254 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-03-02 21:41 - 2010-08-06 20:18 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-03-02 09:50 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-25 13:10 - 2014-07-01 13:35 - 00000000 ____D () C:\ProgramData\eBay
2015-02-25 13:08 - 2015-01-21 19:06 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Local\Citrix
2015-02-25 12:49 - 2013-03-09 20:46 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-24 22:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-20 13:27 - 2011-04-10 12:24 - 00000000 ____D () C:\Users\Schnagendorff\Documents\Axel Praxis
2015-02-13 11:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-11 20:12 - 2014-12-15 12:41 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 20:12 - 2014-05-06 12:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 18:27 - 2011-04-11 09:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 18:27 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 18:23 - 2013-07-27 12:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 18:15 - 2010-10-12 08:19 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2011-12-01 12:33 - 2011-12-01 12:33 - 0000000 _____ () C:\Users\Schnagendorff\AppData\Local\{7D926FC1-751A-4CAB-9431-B0CE41AE8D81}
2012-11-10 16:23 - 2012-11-10 16:23 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-08-06 20:09 - 2009-12-24 13:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-08-06 20:04 - 2010-08-06 20:05 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-08-06 20:04 - 2010-08-06 20:04 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\Schnagendorff\AppData\Local\Temp\avgnt.exe
C:\Users\Schnagendorff\AppData\Local\Temp\Quarantine.exe
C:\Users\Schnagendorff\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-24 22:09

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03
Ran by Schnagendorff at 2015-03-08 20:38:37
Running from C:\Users\Schnagendorff\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.644 - Avira)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.27 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.202 - Sonix)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATI Catalyst Install Manager (HKLM\...\{80AB4395-42E3-D0B3-A310-6F0A6BD9709B}) (Version: 3.0.750.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS)
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira System Speedup 1.6 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6 - 2000 - 2015 Avira Operations GmbH & Co. KG)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
ccc-core-static (x32 Version: 2009.1111.1543.28169 - ATI) Hidden
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Citrix Online Launcher (HKLM-x32\...\{AFB80939-4486-49D8-A04E-2B05C0F2DE39}) (Version: 1.0.252 - Citrix)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
Der Kleine Turnierplaner 6.7.3.1a (HKLM-x32\...\Der_Deploy_0) (Version: 6.7.3.1a - Der Kleine Turnierplaner)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Game Park Console (HKLM-x32\...\{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1) (Version: 6.2.0.2 - Oberon Media, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{1241CE77-0B65-40A0-B893-02EA49E35332}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6259.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.2.50.1050 - Intel Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
Konfigurator Eumex 400 (HKLM-x32\...\Konfigurator Eumex 400) (Version:  - )
Lexmark 7300 Series (HKLM\...\Lexmark 7300 Series) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-774983500-107182102-3582295664-1000\...\MyFreeCodec) (Version:  - )
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
Rechnungsvorlage V2.30  (ab Excel 2000) V2.30  (HKLM-x32\...\Rechnungsvorlage V2.30  (ab Excel 2000)) (Version: V2.30 - EuEx©  Eugen Brisch)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{4DF1691E-8012-4E7C-89CF-3F7B9146DA6E}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.18 - Synaptics Incorporated)
syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables)
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.55133.208 - Sonix)
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

02-03-2015 22:08:08 Windows Update
02-03-2015 23:07:04 Avira System Speedup 1.6
04-03-2015 09:08:15 Installed Microsoft Fix it 50362
04-03-2015 09:10:43 Windows Update
07-03-2015 10:12:55 Revo Uninstaller's restore point - Search App by Ask
07-03-2015 10:16:27 Revo Uninstaller's restore point - Search App by Ask

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-07 10:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03E7FBCC-F8AA-4BB1-80F5-3D63C6AB4E07} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {1082EA69-86E6-4888-8A89-1C0D21E405DD} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe [2015-01-30] (Avira Operations GmbH & Co. KG)
Task: {116CC517-63D6-4945-A731-40F10340EABD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3017258D-18A0-45B5-9BE4-31CB642A7BDF} - System32\Tasks\{72C5D31F-F8B3-4C41-A127-E6696DA96487} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {310911A8-2141-4D2D-B122-924CEC1928D8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000UA => C:\Users\Schnagendorff\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {34143E3E-6588-47B7-8A76-DB9592B14039} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {3C367ADD-9927-4939-91FF-C8FBE83DC866} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {4B9CED8F-A97F-45A4-8FBD-4104E647A9C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {56D05305-8669-4A1C-859F-62C80EBB4A61} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-12-24] (ATK)
Task: {63557B4C-28C1-408D-ADCF-E2AAE5165F82} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {6628963D-8A47-4A8A-BCFE-26A99C89061B} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {87B011FD-C825-4E5B-9BDD-D48F08C16D1E} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {8810ECCD-3BF8-4667-99D5-837126FE6B21} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] ()
Task: {C5CCF2C3-878A-465C-9E17-55CCAD012CF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {D2C2E0C0-42E4-449B-A73F-65D697470C0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {D8F13839-3313-4179-8B76-94536B433BB8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000Core => C:\Users\Schnagendorff\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {F1DB0D40-145A-44CD-8109-68A27C9BD307} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000Core.job => C:\Users\Schnagendorff\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000UA.job => C:\Users\Schnagendorff\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-08-06 20:31 - 2007-11-30 19:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-11-24 21:45 - 2009-11-24 21:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2009-12-23 21:12 - 2009-12-23 21:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2009-12-19 03:11 - 2009-12-19 03:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll
2008-10-01 07:02 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-01-05 01:43 - 2010-01-05 01:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-03-16 02:48 - 2010-03-16 02:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-08-06 20:09 - 2010-08-06 20:09 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-08-06 20:09 - 2010-08-06 20:09 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2008-10-23 18:21 - 2008-10-23 18:21 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-06 20:23 - 2010-08-06 20:23 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-11-02 22:20 - 2009-11-02 22:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 22:23 - 2009-11-02 22:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-02-20 09:18 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 09:18 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 09:18 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-774983500-107182102-3582295664-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Schnagendorff\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: Boingo Wi-Fi => "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: SearchProtection => C:\ProgramData\Search Protection\_run.bat
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

==================== Accounts: =============================

Administrator (S-1-5-21-774983500-107182102-3582295664-500 - Administrator - Disabled)
Gast (S-1-5-21-774983500-107182102-3582295664-501 - Limited - Disabled)
Schnagendorff (S-1-5-21-774983500-107182102-3582295664-1000 - Administrator - Enabled) => C:\Users\Schnagendorff

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-03-07 12:29:22.876
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-07 12:29:22.763
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-07 12:29:22.648
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-07 12:29:22.525
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-07 10:45:04.644
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-07 10:45:04.520
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:30.909
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:30.744
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:27.560
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:27.341
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 41%
Total physical RAM: 3948.54 MB
Available physical RAM: 2300.73 MB
Total Pagefile: 7895.27 MB
Available Pagefile: 5393.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:43.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:329.79 GB) (Free:329.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=329.8 GB) - (Type=OF Extended)

==================== End Of Log ============================
Das wars denke ich. Ich hoffe ich hab nichts vergessen.

schrauber 09.03.2015 12:59

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Schnagi 10.03.2015 10:45
So, erledigt.

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d02e9d2cd99e32498c11d8c942dccf1e
# engine=22833
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-10 09:09:12
# local_time=2015-03-10 10:09:12 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 656142 177608402 0 0
# scanned=183432
# found=6
# cleaned=6
# scan_time=5836
sh=E66A5B7ED0A953E97CC6DE4C63572ABF80100FB2 ft=1 fh=aa70a0524dd7deff vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Schnagendorff\Downloads\7Zip920DE.exe"
sh=E8CD33623287C08C7CC3662A042E45522654BB30 ft=1 fh=7cd3b160b0dbd4bd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Schnagendorff\Downloads\FreeYouTubeToMP3Converter37.exe"
sh=1447092BA29779C726829611180994E17718C412 ft=1 fh=23f22b72eb3a5b90 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Schnagendorff\Downloads\PDFCreator-1_7_2_setup_offline.exe"
sh=7BA0A01D63E1511F6101A736D157C4D1F885EDEB ft=1 fh=1aba12d0f1f8efc7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Schnagendorff\Downloads\PDFCreator-2_0_0-setup.exe"
sh=566095531FD328C3054D52C571431D0305103E40 ft=1 fh=0e5c76553bbccf7f vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Schnagendorff\Downloads\supereasy_driver_updater_1.1.1_7870.exe"
sh=41A2591144F9CD9AB1C02C6A218BB5BA7654643E ft=1 fh=1cba7093867ed45e vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\AppPatch\AppPatch64\VCLdr64.dll"
Code:
Results of screen317's Security Check version 0.99.97 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 40 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Adobe Flash Player 16.0.0.305 
 Adobe Reader XI 
 Mozilla Firefox (36.0)
 Google Chrome (40.0.2214.111)
 Google Chrome (40.0.2214.115)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
Ran by Schnagendorff (administrator) on SCHNAGENDORFF01 on 10-03-2015 10:34:14
Running from C:\Users\Schnagendorff\Desktop
Loaded Profiles: Schnagendorff (Available profiles: Schnagendorff)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(ASUS) C:\Windows\AsScrPro.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Sonix Technology Co., Ltd.) C:\Windows\vsnp2uvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-08-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-27] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111928 2013-05-03] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704248 2015-03-05] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-18\...\RunOnce: [Del1054220420] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del14217494] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del196020638] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del11550189] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del100880838] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del286916508] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del357147612] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del467723976] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-774983500-107182102-3582295664-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51390;https=127.0.0.1:51390
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-774983500-107182102-3582295664-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D022115-A6B219395BABB4E59ADF&form=CONMHP&conlogo=CT3332005
HKU\S-1-5-21-774983500-107182102-3582295664-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-774983500-107182102-3582295664-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-774983500-107182102-3582295664-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-08-06] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2010-08-06] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-08-06] (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2010-08-06] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2010-08-06] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-08-06] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-08-06] (Google Inc.)
Toolbar: HKU\S-1-5-21-774983500-107182102-3582295664-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D022115-A6B219395BABB4E59ADF&form=CONMHP&conlogo=CT3332005
FF SelectedSearchEngine: Bing
FF Homepage: https://www.google.de/
FF Keyword.URL:
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-774983500-107182102-3582295664-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Schnagendorff\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-774983500-107182102-3582295664-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Schnagendorff\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-01-17]
FF Extension: Avira Browser Safety - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\abs@avira.com [2015-02-25]
FF Extension: Lavasoft Search Plugin - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-03-09]
FF Extension: Zoom It - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{79e5e2aa-ce59-fdac-82a6-7bac7f83c4af} [2015-03-04]
FF Extension: Zoom It - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{942d977d-27a2-b922-0361-13155829595f} [2015-03-07]
FF Extension: DownloadHelper - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: OLB - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{C752FF21-A8EF-468E-B507-5BBAFB84359D} [2014-08-26]
FF Extension: Adblock Plus - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-25]
FF Extension: {e794c1e8-6f9e-4ddd-9918-bc7a784b7812} - C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\e3y8gbvs.default\Extensions\{e794c1e8-6f9e-4ddd-9918-bc7a784b7812}.xpi [2015-02-21]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-11-10]

Chrome:
=======
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-09]
CHR Extension: (Avira Browser Safety) - C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-02]
CHR Extension: (Google Wallet) - C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806192 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992048 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 lxci_device; C:\Windows\system32\lxcicoms.exe [452608 2006-05-15] ( )
S3 lxci_device; C:\Windows\SysWOW64\lxcicoms.exe [537520 2007-02-01] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe [243712 2009-11-27] (IDT, Inc.)
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-08-25] (Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [105472 2006-12-08] (AVM GmbH) [File not signed]
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [706560 2006-12-08] (AVM Berlin) [File not signed]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-09] (GFI Software)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-08-25] (Synaptics Incorporated)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 10:34 - 2015-03-10 10:34 - 00022298 _____ () C:\Users\Schnagendorff\Desktop\FRST.txt
2015-03-10 10:32 - 2015-03-10 10:32 - 00001040 _____ () C:\Users\Schnagendorff\Desktop\checkup.txt
2015-03-10 10:27 - 2015-03-10 10:27 - 00852604 _____ () C:\Users\Schnagendorff\Desktop\SecurityCheck.exe
2015-03-10 10:23 - 2015-03-10 10:24 - 00002114 _____ () C:\Users\Schnagendorff\Desktop\eset txt.txt
2015-03-10 10:22 - 2015-03-10 10:22 - 00000000 __SHD () C:\Users\Schnagendorff\AppData\Local\EmieBrowserModeList
2015-03-10 08:30 - 2015-03-10 08:30 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-10 08:27 - 2015-03-10 08:27 - 02347384 _____ (ESET) C:\Users\Schnagendorff\Desktop\esetsmartinstaller_deu.exe
2015-03-08 20:27 - 2015-03-08 20:27 - 01388333 _____ (Thisisu) C:\Users\Schnagendorff\Desktop\JRT.exe
2015-03-08 20:26 - 2015-03-08 20:26 - 00001413 _____ () C:\Users\Schnagendorff\Desktop\AdwCleaner[S0].txt
2015-03-08 20:18 - 2015-03-08 20:23 - 00000000 ____D () C:\AdwCleaner
2015-03-08 20:18 - 2015-03-08 20:18 - 02126848 _____ () C:\Users\Schnagendorff\Desktop\AdwCleaner_4.111.exe
2015-03-08 20:13 - 2015-03-09 09:23 - 00000000 ____D () C:\Users\Schnagendorff\Desktop\Trojaner Board
2015-03-08 19:45 - 2015-03-10 08:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 19:45 - 2015-03-08 19:45 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-08 19:45 - 2015-03-08 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-08 19:45 - 2015-03-08 19:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-08 19:45 - 2015-03-08 19:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-08 19:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-08 19:45 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-08 19:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-08 19:41 - 2015-03-08 19:41 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Schnagendorff\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-07 13:42 - 2015-03-07 13:50 - 00000000 ____D () C:\ComboFix
2015-03-07 10:46 - 2015-03-10 08:21 - 00126658 _____ () C:\Windows\PFRO.log
2015-03-07 10:38 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-07 10:38 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-07 10:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-07 10:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-07 10:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-07 10:38 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-07 10:38 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-07 10:38 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-07 10:34 - 2015-03-07 10:34 - 05612482 ____R (Swearware) C:\Users\Schnagendorff\Desktop\ComboFix.exe
2015-03-07 10:22 - 2015-03-07 10:22 - 00000841 _____ () C:\Users\Schnagendorff\Desktop\Run Hunter Mode.lnk
2015-03-07 10:19 - 2015-03-07 10:24 - 00000000 ____D () C:\Qoobox
2015-03-07 10:18 - 2015-03-07 10:51 - 00000000 ____D () C:\Windows\erdnt
2015-03-07 10:10 - 2015-03-07 10:10 - 00000771 _____ () C:\Users\Schnagendorff\Desktop\Revo Uninstaller.lnk
2015-03-07 10:09 - 2015-03-07 10:09 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Schnagendorff\Downloads\revosetup95.exe
2015-03-06 12:36 - 2015-03-06 12:36 - 00007822 _____ () C:\Users\Schnagendorff\Downloads\Avira Ereignisse.txt
2015-03-06 11:44 - 2015-03-06 11:44 - 00380416 _____ () C:\Users\Schnagendorff\Desktop\Gmer-19357.exe
2015-03-06 11:40 - 2015-03-10 10:34 - 00000000 ____D () C:\FRST
2015-03-06 11:39 - 2015-03-08 20:37 - 02095104 _____ (Farbar) C:\Users\Schnagendorff\Desktop\FRST64.exe
2015-03-06 11:37 - 2015-03-06 11:37 - 00000000 _____ () C:\Users\Schnagendorff\defogger_reenable
2015-03-06 11:36 - 2015-03-06 11:36 - 00050477 _____ () C:\Users\Schnagendorff\Downloads\Defogger (1).exe
2015-03-06 11:34 - 2015-03-06 11:34 - 00050477 _____ () C:\Users\Schnagendorff\Desktop\Defogger.exe
2015-03-06 10:06 - 2015-03-06 10:13 - 00000000 ____D () C:\Users\Schnagendorff\Desktop\Global Well
2015-03-04 15:16 - 2015-03-10 08:22 - 00000560 _____ () C:\Windows\setupact.log
2015-03-04 15:16 - 2015-03-04 15:16 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-04 09:07 - 2015-03-04 09:08 - 00652800 _____ () C:\Users\Schnagendorff\Downloads\MicrosoftFixit50362.msi
2015-03-04 09:06 - 2015-03-04 09:06 - 00000420 _____ () C:\DelFix.txt
2015-03-04 08:32 - 2015-03-04 08:32 - 00000000 ____D () C:\Windows\Sun
2015-03-04 08:30 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-04 08:30 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-04 08:30 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-04 08:30 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-04 08:25 - 2015-03-04 08:25 - 00561576 _____ (Oracle Corporation) C:\Users\Schnagendorff\Downloads\chromeinstall-8u40.exe
2015-03-03 08:30 - 2015-03-03 08:30 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-03 08:29 - 2015-03-03 08:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-03 08:29 - 2015-03-03 08:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-02 23:45 - 2015-03-02 23:45 - 00243576 _____ () C:\Users\Schnagendorff\Downloads\Firefox Setup Stub 36.0.exe
2015-03-02 23:08 - 2015-03-04 08:57 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Local\AviraSpeedup
2015-03-02 23:08 - 2015-03-02 23:08 - 00001283 _____ () C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-03-02 23:08 - 2015-03-02 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-03-02 23:06 - 2015-03-02 23:06 - 04568832 _____ (2000 - 2015 Avira Operations GmbH & Co. KG ) C:\Users\Schnagendorff\Downloads\avira_speedup_ultimateprotectionsuite.exe
2015-03-02 23:06 - 2015-03-02 23:06 - 00003368 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2015-03-02 23:05 - 2015-03-02 23:05 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Avira
2015-03-02 23:04 - 2015-03-05 12:17 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-02 23:04 - 2015-03-05 12:17 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-02 23:04 - 2015-03-05 12:17 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-02 23:04 - 2015-03-02 23:04 - 00002028 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-03-02 23:04 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-02 23:00 - 2015-03-02 23:01 - 175605432 _____ () C:\Users\Schnagendorff\Downloads\avira_antivirus_pro_de.exe
2015-03-02 22:04 - 2015-03-02 22:04 - 04582672 _____ (Avira Operations & Co. KG) C:\Users\Schnagendorff\Downloads\avira_de_av_5881315009__ws.exe
2015-03-02 21:41 - 2015-03-02 21:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-03-02 21:39 - 2015-03-02 21:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-03-02 21:39 - 2015-03-02 21:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-03-02 21:39 - 2015-03-02 21:39 - 00000000 ____D () C:\Program Files\Synaptics
2015-03-02 21:38 - 2014-08-25 17:22 - 00750320 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2015-03-02 21:38 - 2014-08-25 17:22 - 00546032 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2015-03-02 21:38 - 2014-08-25 17:22 - 00407280 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2015-03-02 21:38 - 2014-08-25 17:22 - 00255216 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2015-03-02 21:38 - 2014-08-25 17:22 - 00208624 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo20.dll
2015-03-02 21:38 - 2014-08-25 17:22 - 00031472 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2015-03-02 21:38 - 2013-04-16 18:33 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2015-03-02 21:33 - 2015-03-02 21:50 - 00000000 ____D () C:\drivertemp
2015-03-02 21:15 - 2015-03-02 21:15 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Nitro PDF
2015-03-02 20:54 - 2015-03-02 20:54 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Chip Digital GmbH
2015-03-02 09:42 - 2015-03-02 09:42 - 00001169 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-03-02 09:41 - 2015-03-02 09:41 - 04582672 _____ (Avira Operations & Co. KG) C:\Users\Schnagendorff\Downloads\avira_de_uppro_21353280_w9qz89wi8m2jo9ezvl6r_wd.exe
2015-03-02 09:41 - 2015-03-02 09:41 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-27 14:29 - 2015-02-27 14:29 - 00000000 _____ () C:\Users\Schnagendorff\Desktop\Neue Bitmap (2).bmp
2015-02-25 14:30 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 14:30 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 09:28 - 2015-02-25 09:28 - 01494894 _____ () C:\Users\Schnagendorff\Desktop\Präsentation Yo-You-Effekt 2.pptx
2015-02-21 11:17 - 2015-02-21 11:17 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\dlg
2015-02-21 11:15 - 2015-02-21 11:15 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Nitro
2015-02-21 11:15 - 2015-02-21 11:15 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\FileOpen
2015-02-21 11:15 - 2015-02-21 11:15 - 00000000 ____D () C:\ProgramData\FileOpen
2015-02-21 11:14 - 2015-02-21 11:14 - 00002499 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk
2015-02-21 11:14 - 2015-02-21 11:14 - 00002005 _____ () C:\Users\Public\Desktop\Nitro Reader.lnk
2015-02-21 11:14 - 2015-02-21 11:14 - 00000000 ____D () C:\ProgramData\Nitro
2015-02-21 11:14 - 2015-02-21 11:14 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2015-02-21 11:14 - 2015-02-21 11:14 - 00000000 ____D () C:\Program Files (x86)\Nitro
2015-02-21 11:14 - 2013-07-26 06:57 - 00029712 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon2.dll
2015-02-21 11:14 - 2013-07-26 06:57 - 00017936 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui2.dll
2015-02-21 11:09 - 2015-02-21 11:13 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Downloaded Installations
2015-02-21 11:08 - 2015-02-25 12:49 - 00002960 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-02-21 11:08 - 2015-02-25 12:49 - 00002960 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-02-21 11:08 - 2015-02-18 11:55 - 00372264 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-02-21 11:08 - 2015-02-18 11:55 - 00326240 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-02-13 10:49 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 10:49 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 10:49 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 10:49 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 08:53 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 08:53 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 08:53 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 08:53 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 08:53 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 08:53 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 08:53 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 08:53 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 08:53 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 08:53 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 08:53 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 08:53 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 08:53 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 08:53 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 08:53 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 08:53 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 08:53 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 08:53 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 08:53 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 08:53 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 08:53 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 08:53 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 08:53 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 08:53 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 08:53 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 08:53 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 08:53 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 08:53 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 08:53 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 08:53 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 08:53 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 08:53 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 08:53 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 08:53 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 08:53 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 08:53 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 08:53 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 08:53 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 08:53 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 08:53 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 08:53 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 08:53 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 08:53 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 08:53 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 08:53 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 08:53 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 08:53 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 08:53 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 08:53 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 08:53 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 08:53 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 08:53 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 08:53 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 08:53 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 08:52 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 08:52 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 08:52 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 08:52 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 08:52 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 08:52 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 08:52 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 08:52 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 08:52 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 08:52 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 08:52 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 08:52 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 08:52 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 08:52 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 08:52 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 08:52 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 08:52 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 08:52 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 08:52 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 08:52 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 08:52 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 08:52 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 08:52 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 08:52 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 08:52 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 08:52 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 08:52 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 08:52 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 08:52 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 08:52 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 08:52 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 08:52 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 08:51 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 08:51 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 08:51 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 08:51 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 08:51 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 10:34 - 2012-07-11 12:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-10 10:34 - 2010-08-06 19:49 - 01278830 _____ () C:\Windows\WindowsUpdate.log
2015-03-10 09:52 - 2010-08-06 20:09 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-10 09:49 - 2011-10-09 19:57 - 00001170 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000UA.job
2015-03-10 08:30 - 2009-07-14 05:45 - 00018832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-10 08:30 - 2009-07-14 05:45 - 00018832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-10 08:22 - 2010-08-06 20:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-10 08:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-09 18:38 - 2011-10-09 19:57 - 00001148 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000Core.job
2015-03-08 21:50 - 2010-10-11 20:52 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-03-08 20:30 - 2009-08-04 10:51 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2015-03-08 20:30 - 2009-08-04 10:51 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2015-03-08 20:30 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-08 20:09 - 2010-08-06 20:31 - 00001634 _____ () C:\Windows\system32\ServiceFilter.ini
2015-03-08 20:07 - 2014-05-02 20:40 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Local\TB
2015-03-07 13:48 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-06 12:47 - 2010-10-12 08:04 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Adobe
2015-03-06 11:37 - 2010-10-11 21:00 - 00000000 ____D () C:\Users\Schnagendorff
2015-03-04 15:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-04 08:28 - 2014-01-15 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-04 08:27 - 2014-01-15 13:36 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-04 08:27 - 2014-01-15 13:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-04 08:27 - 2014-01-15 13:35 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-02 23:40 - 2010-10-12 08:32 - 00000000 ____D () C:\Users\Schnagendorff\Desktop\Anwendungen
2015-03-02 23:36 - 2009-07-14 05:45 - 00409144 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-02 23:11 - 2011-02-10 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-03-02 23:08 - 2010-10-11 21:00 - 00109696 _____ () C:\Users\Schnagendorff\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-02 23:06 - 2013-03-10 11:23 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-02 23:04 - 2013-03-10 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-02 23:04 - 2011-10-21 07:53 - 00000000 ____D () C:\ProgramData\Avira
2015-03-02 21:56 - 2010-08-06 20:31 - 00002254 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-03-02 21:41 - 2010-08-06 20:18 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-03-02 09:50 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-25 13:10 - 2014-07-01 13:35 - 00000000 ____D () C:\ProgramData\eBay
2015-02-25 13:08 - 2015-01-21 19:06 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Local\Citrix
2015-02-25 12:49 - 2013-03-09 20:46 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-24 22:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-20 13:27 - 2011-04-10 12:24 - 00000000 ____D () C:\Users\Schnagendorff\Documents\Axel Praxis
2015-02-13 11:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-11 20:12 - 2014-12-15 12:41 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 20:12 - 2014-05-06 12:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 18:27 - 2011-04-11 09:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 18:27 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 18:23 - 2013-07-27 12:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 18:15 - 2010-10-12 08:19 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2011-12-01 12:33 - 2011-12-01 12:33 - 0000000 _____ () C:\Users\Schnagendorff\AppData\Local\{7D926FC1-751A-4CAB-9431-B0CE41AE8D81}
2012-11-10 16:23 - 2012-11-10 16:23 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-08-06 20:09 - 2009-12-24 13:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-08-06 20:04 - 2010-08-06 20:05 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-08-06 20:04 - 2010-08-06 20:04 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\Schnagendorff\AppData\Local\Temp\avgnt.exe
C:\Users\Schnagendorff\AppData\Local\Temp\Quarantine.exe
C:\Users\Schnagendorff\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-24 22:09

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03
Ran by Schnagendorff at 2015-03-10 10:35:24
Running from C:\Users\Schnagendorff\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.644 - Avira)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.27 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.202 - Sonix)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATI Catalyst Install Manager (HKLM\...\{80AB4395-42E3-D0B3-A310-6F0A6BD9709B}) (Version: 3.0.750.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS)
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira System Speedup 1.6 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6 - 2000 - 2015 Avira Operations GmbH & Co. KG)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
ccc-core-static (x32 Version: 2009.1111.1543.28169 - ATI) Hidden
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Citrix Online Launcher (HKLM-x32\...\{AFB80939-4486-49D8-A04E-2B05C0F2DE39}) (Version: 1.0.252 - Citrix)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
Der Kleine Turnierplaner 6.7.3.1a (HKLM-x32\...\Der_Deploy_0) (Version: 6.7.3.1a - Der Kleine Turnierplaner)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Game Park Console (HKLM-x32\...\{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1) (Version: 6.2.0.2 - Oberon Media, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{1241CE77-0B65-40A0-B893-02EA49E35332}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6259.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.2.50.1050 - Intel Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
Konfigurator Eumex 400 (HKLM-x32\...\Konfigurator Eumex 400) (Version:  - )
Lexmark 7300 Series (HKLM\...\Lexmark 7300 Series) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-774983500-107182102-3582295664-1000\...\MyFreeCodec) (Version:  - )
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
Rechnungsvorlage V2.30  (ab Excel 2000) V2.30  (HKLM-x32\...\Rechnungsvorlage V2.30  (ab Excel 2000)) (Version: V2.30 - EuEx©  Eugen Brisch)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{4DF1691E-8012-4E7C-89CF-3F7B9146DA6E}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.18 - Synaptics Incorporated)
syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables)
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.55133.208 - Sonix)
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

02-03-2015 22:08:08 Windows Update
02-03-2015 23:07:04 Avira System Speedup 1.6
04-03-2015 09:08:15 Installed Microsoft Fix it 50362
04-03-2015 09:10:43 Windows Update
07-03-2015 10:12:55 Revo Uninstaller's restore point - Search App by Ask
07-03-2015 10:16:27 Revo Uninstaller's restore point - Search App by Ask

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-07 10:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03E7FBCC-F8AA-4BB1-80F5-3D63C6AB4E07} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {1082EA69-86E6-4888-8A89-1C0D21E405DD} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe [2015-01-30] (Avira Operations GmbH & Co. KG)
Task: {116CC517-63D6-4945-A731-40F10340EABD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3017258D-18A0-45B5-9BE4-31CB642A7BDF} - System32\Tasks\{72C5D31F-F8B3-4C41-A127-E6696DA96487} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {310911A8-2141-4D2D-B122-924CEC1928D8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000UA => C:\Users\Schnagendorff\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {34143E3E-6588-47B7-8A76-DB9592B14039} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {3C367ADD-9927-4939-91FF-C8FBE83DC866} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {4B9CED8F-A97F-45A4-8FBD-4104E647A9C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {56D05305-8669-4A1C-859F-62C80EBB4A61} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-12-24] (ATK)
Task: {63557B4C-28C1-408D-ADCF-E2AAE5165F82} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {6628963D-8A47-4A8A-BCFE-26A99C89061B} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {87B011FD-C825-4E5B-9BDD-D48F08C16D1E} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {8810ECCD-3BF8-4667-99D5-837126FE6B21} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] ()
Task: {9F026004-897E-45EF-991E-8423737BDCAB} - System32\Tasks\Games\UpdateCheck_S-1-5-21-774983500-107182102-3582295664-1000
Task: {C5CCF2C3-878A-465C-9E17-55CCAD012CF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {D2C2E0C0-42E4-449B-A73F-65D697470C0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {D8F13839-3313-4179-8B76-94536B433BB8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000Core => C:\Users\Schnagendorff\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {F1DB0D40-145A-44CD-8109-68A27C9BD307} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000Core.job => C:\Users\Schnagendorff\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000UA.job => C:\Users\Schnagendorff\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-08-06 20:31 - 2007-11-30 19:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-11-24 21:45 - 2009-11-24 21:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2010-03-16 02:48 - 2010-03-16 02:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-08-06 20:09 - 2010-08-06 20:09 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-08-06 20:09 - 2010-08-06 20:09 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2008-10-01 07:02 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-12-23 21:12 - 2009-12-23 21:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2009-12-19 03:11 - 2009-12-19 03:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll
2010-01-05 01:43 - 2010-01-05 01:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2008-10-23 18:21 - 2008-10-23 18:21 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-06 20:23 - 2010-08-06 20:23 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-11-02 22:20 - 2009-11-02 22:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 22:23 - 2009-11-02 22:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-02-20 09:18 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 09:18 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 09:18 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-774983500-107182102-3582295664-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Schnagendorff\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: Boingo Wi-Fi => "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: SearchProtection => C:\ProgramData\Search Protection\_run.bat
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

==================== Accounts: =============================

Administrator (S-1-5-21-774983500-107182102-3582295664-500 - Administrator - Disabled)
Gast (S-1-5-21-774983500-107182102-3582295664-501 - Limited - Disabled)
Schnagendorff (S-1-5-21-774983500-107182102-3582295664-1000 - Administrator - Enabled) => C:\Users\Schnagendorff

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2015 10:23:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/10/2015 08:30:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/10/2015 08:30:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/10/2015 08:27:13 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (03/10/2015 09:55:36 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error: (03/10/2015 09:55:36 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error: (03/10/2015 09:38:17 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error: (03/10/2015 09:38:17 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error: (03/10/2015 08:22:22 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.

Error: (03/10/2015 08:22:22 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Net.Pipe-Listeneradapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.

Error: (03/10/2015 08:22:22 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Net.Msmq-Listeneradapter" ist von folgendem Dienst abhängig: msmq. Dieser Dienst ist eventuell nicht installiert.

Error: (03/10/2015 08:19:47 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/10/2015 01:46:53 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/08/2015 09:44:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (03/10/2015 10:23:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (03/10/2015 08:30:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Schnagendorff\Desktop\esetsmartinstaller_deu.exe

Error: (03/10/2015 08:30:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Schnagendorff\Desktop\esetsmartinstaller_deu.exe

Error: (03/10/2015 08:27:13 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Schnagendorff\Desktop\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2015-03-07 12:29:22.876
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-07 12:29:22.763
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-07 12:29:22.648
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-07 12:29:22.525
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-07 10:45:04.644
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-07 10:45:04.520
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:30.909
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:30.744
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:27.560
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:27.341
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 49%
Total physical RAM: 3948.54 MB
Available physical RAM: 1978.91 MB
Total Pagefile: 7895.27 MB
Available Pagefile: 5214.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:42.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:329.79 GB) (Free:329.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=329.8 GB) - (Type=OF Extended)

==================== End Of Log ============================
Und jetzt der Check mit Firefox........ 90% der aufploppenden Fenster sind weg - eines der nervigsten ist aber noch da. Ich habe einen GMX Account und dieses Fenster macht sich genau über die Anmeldefenster wo man Benutzername und Passwort eingibt auf. Wenn ich schnell genug bin kann ich ganz schnell alles eingeben - aber nerven tut es
:-( Aber alle Fenster die ringsherum aufgingen sind schon mal weg :-)

schrauber 10.03.2015 19:49
Java updaten.

Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen




Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\Schnagendorff\Downloads\7Zip920DE.exe

C:\Users\Schnagendorff\Downloads\FreeYouTubeToMP3Converter37.exe

C:\Users\Schnagendorff\Downloads\PDFCreator-1_7_2_setup_offline.exe

C:\Users\Schnagendorff\Downloads\PDFCreator-2_0_0-setup.exe

C:\Users\Schnagendorff\Downloads\supereasy_driver_updater_1.1.1_7870.exe

C:\Windows\AppPatch\AppPatch64\VCLdr64.dll
HKU\S-1-5-18\...\RunOnce: [Del1054220420] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del14217494] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del196020638] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del11550189] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del100880838] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del286916508] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del357147612] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del467723976] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
RemoveProxy:
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Frisches FRST log bitte.

Schnagi 11.03.2015 09:25
oops - ich hatte die gleichen Logs nochmal gepostet - gibt gleich die neuen. Sorry.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2015 03
Ran by Schnagendorff at 2015-03-11 09:06:57 Run:1
Running from C:\Users\Schnagendorff\Desktop
Loaded Profiles: Schnagendorff (Available profiles: Schnagendorff)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Schnagendorff\Downloads\7Zip920DE.exe

C:\Users\Schnagendorff\Downloads\FreeYouTubeToMP3Converter37.exe

C:\Users\Schnagendorff\Downloads\PDFCreator-1_7_2_setup_offline.exe

C:\Users\Schnagendorff\Downloads\PDFCreator-2_0_0-setup.exe

C:\Users\Schnagendorff\Downloads\supereasy_driver_updater_1.1.1_7870.exe

C:\Windows\AppPatch\AppPatch64\VCLdr64.dll
HKU\S-1-5-18\...\RunOnce: [Del1054220420] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del14217494] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del196020638] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del11550189] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del100880838] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del286916508] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del357147612] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del467723976] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
RemoveProxy:
Emptytemp:
       
*****************

"C:\Users\Schnagendorff\Downloads\7Zip920DE.exe" => File/Directory not found.
"C:\Users\Schnagendorff\Downloads\FreeYouTubeToMP3Converter37.exe" => File/Directory not found.
"C:\Users\Schnagendorff\Downloads\PDFCreator-1_7_2_setup_offline.exe" => File/Directory not found.
"C:\Users\Schnagendorff\Downloads\PDFCreator-2_0_0-setup.exe" => File/Directory not found.
"C:\Users\Schnagendorff\Downloads\supereasy_driver_updater_1.1.1_7870.exe" => File/Directory not found.
"C:\Windows\AppPatch\AppPatch64\VCLdr64.dll" => File/Directory not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del1054220420 => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del14217494 => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del196020638 => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del11550189 => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del100880838 => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del286916508 => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del357147612 => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del467723976 => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

========= RemoveProxy: =========

"HKU\S-1-5-21-774983500-107182102-3582295664-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-21-774983500-107182102-3582295664-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-21-774983500-107182102-3582295664-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-774983500-107182102-3582295664-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

EmptyTemp: => Removed 767 MB temporary data.


The system needed a reboot.

==== End of Fixlog 09:07:14 ====
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03
Ran by Schnagendorff at 2015-03-11 09:20:35
Running from C:\Users\Schnagendorff\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.644 - Avira)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.27 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.202 - Sonix)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATI Catalyst Install Manager (HKLM\...\{80AB4395-42E3-D0B3-A310-6F0A6BD9709B}) (Version: 3.0.750.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS)
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira System Speedup 1.6 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6 - 2000 - 2015 Avira Operations GmbH & Co. KG)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
ccc-core-static (x32 Version: 2009.1111.1543.28169 - ATI) Hidden
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Citrix Online Launcher (HKLM-x32\...\{AFB80939-4486-49D8-A04E-2B05C0F2DE39}) (Version: 1.0.252 - Citrix)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
Der Kleine Turnierplaner 6.7.3.1a (HKLM-x32\...\Der_Deploy_0) (Version: 6.7.3.1a - Der Kleine Turnierplaner)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Game Park Console (HKLM-x32\...\{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1) (Version: 6.2.0.2 - Oberon Media, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{1241CE77-0B65-40A0-B893-02EA49E35332}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6259.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.2.50.1050 - Intel Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
Konfigurator Eumex 400 (HKLM-x32\...\Konfigurator Eumex 400) (Version:  - )
Lexmark 7300 Series (HKLM\...\Lexmark 7300 Series) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-774983500-107182102-3582295664-1000\...\MyFreeCodec) (Version:  - )
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
Rechnungsvorlage V2.30  (ab Excel 2000) V2.30  (HKLM-x32\...\Rechnungsvorlage V2.30  (ab Excel 2000)) (Version: V2.30 - EuEx©  Eugen Brisch)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{4DF1691E-8012-4E7C-89CF-3F7B9146DA6E}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.18 - Synaptics Incorporated)
syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables)
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.55133.208 - Sonix)
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

04-03-2015 09:08:15 Installed Microsoft Fix it 50362
04-03-2015 09:10:43 Windows Update
07-03-2015 10:12:55 Revo Uninstaller's restore point - Search App by Ask
07-03-2015 10:16:27 Revo Uninstaller's restore point - Search App by Ask
11-03-2015 08:50:56 Revo Uninstaller's restore point - Mozilla Firefox 36.0 (x86 de)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-07 10:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03E7FBCC-F8AA-4BB1-80F5-3D63C6AB4E07} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {1082EA69-86E6-4888-8A89-1C0D21E405DD} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe [2015-01-30] (Avira Operations GmbH & Co. KG)
Task: {116CC517-63D6-4945-A731-40F10340EABD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3017258D-18A0-45B5-9BE4-31CB642A7BDF} - System32\Tasks\{72C5D31F-F8B3-4C41-A127-E6696DA96487} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {310911A8-2141-4D2D-B122-924CEC1928D8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000UA => C:\Users\Schnagendorff\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {34143E3E-6588-47B7-8A76-DB9592B14039} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {3C367ADD-9927-4939-91FF-C8FBE83DC866} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {4B9CED8F-A97F-45A4-8FBD-4104E647A9C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {56D05305-8669-4A1C-859F-62C80EBB4A61} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-12-24] (ATK)
Task: {63557B4C-28C1-408D-ADCF-E2AAE5165F82} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {6628963D-8A47-4A8A-BCFE-26A99C89061B} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {87B011FD-C825-4E5B-9BDD-D48F08C16D1E} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {8810ECCD-3BF8-4667-99D5-837126FE6B21} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] ()
Task: {9F026004-897E-45EF-991E-8423737BDCAB} - System32\Tasks\Games\UpdateCheck_S-1-5-21-774983500-107182102-3582295664-1000
Task: {C5CCF2C3-878A-465C-9E17-55CCAD012CF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {D2C2E0C0-42E4-449B-A73F-65D697470C0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {D8F13839-3313-4179-8B76-94536B433BB8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000Core => C:\Users\Schnagendorff\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {F1DB0D40-145A-44CD-8109-68A27C9BD307} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000Core.job => C:\Users\Schnagendorff\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000UA.job => C:\Users\Schnagendorff\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-08-06 20:31 - 2007-11-30 19:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-11-24 21:45 - 2009-11-24 21:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2008-10-01 07:02 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-12-23 21:12 - 2009-12-23 21:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2009-12-19 03:11 - 2009-12-19 03:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll
2010-01-05 01:43 - 2010-01-05 01:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2008-10-23 18:21 - 2008-10-23 18:21 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-06 20:23 - 2010-08-06 20:23 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-03-11 09:10 - 2015-03-11 09:17 - 177491672 _____ () C:\ProgramData\Avira\My Avira\Temp\avira_antivirus_pro_de.exe
2009-11-02 22:20 - 2009-11-02 22:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 22:23 - 2009-11-02 22:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-02-20 09:18 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 09:18 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 09:18 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-774983500-107182102-3582295664-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Schnagendorff\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: Boingo Wi-Fi => "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: SearchProtection => C:\ProgramData\Search Protection\_run.bat
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

==================== Accounts: =============================

Administrator (S-1-5-21-774983500-107182102-3582295664-500 - Administrator - Disabled)
Gast (S-1-5-21-774983500-107182102-3582295664-501 - Limited - Disabled)
Schnagendorff (S-1-5-21-774983500-107182102-3582295664-1000 - Administrator - Enabled) => C:\Users\Schnagendorff

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2015 10:23:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/10/2015 08:30:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/10/2015 08:30:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/10/2015 08:27:13 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (03/11/2015 09:09:17 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.

Error: (03/11/2015 09:09:17 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Net.Pipe-Listeneradapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.

Error: (03/11/2015 09:09:17 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Net.Msmq-Listeneradapter" ist von folgendem Dienst abhängig: msmq. Dieser Dienst ist eventuell nicht installiert.

Error: (03/10/2015 09:55:36 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error: (03/10/2015 09:55:36 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error: (03/10/2015 09:38:17 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error: (03/10/2015 09:38:17 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error: (03/10/2015 08:22:22 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.

Error: (03/10/2015 08:22:22 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Net.Pipe-Listeneradapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.

Error: (03/10/2015 08:22:22 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Net.Msmq-Listeneradapter" ist von folgendem Dienst abhängig: msmq. Dieser Dienst ist eventuell nicht installiert.


Microsoft Office Sessions:
=========================
Error: (03/10/2015 10:23:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (03/10/2015 08:30:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Schnagendorff\Desktop\esetsmartinstaller_deu.exe

Error: (03/10/2015 08:30:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Schnagendorff\Desktop\esetsmartinstaller_deu.exe

Error: (03/10/2015 08:27:13 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Schnagendorff\Desktop\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2015-03-07 12:29:22.876
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-07 12:29:22.763
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-07 12:29:22.648
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-07 12:29:22.525
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-07 10:45:04.644
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-07 10:45:04.520
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:30.909
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:30.744
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:27.560
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-14 08:52:27.341
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 70%
Total physical RAM: 3948.54 MB
Available physical RAM: 1172.21 MB
Total Pagefile: 7895.27 MB
Available Pagefile: 4799.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:45.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:329.79 GB) (Free:329.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=329.8 GB) - (Type=OF Extended)

==================== End Of Log ============================

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
Ran by Schnagendorff (administrator) on SCHNAGENDORFF01 on 11-03-2015 09:14:47
Running from C:\Users\Schnagendorff\Desktop
Loaded Profiles: Schnagendorff (Available profiles: Schnagendorff)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(ASUS) C:\Windows\AsScrPro.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Sonix Technology Co., Ltd.) C:\Windows\vsnp2uvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\ProgramData\Avira\My Avira\Temp\avira_antivirus_pro_de.exe
(Avira Operations GmbH & Co. KG) C:\Windows\temp\RarSFX0\presetup.exe
(Avira Operations GmbH & Co. KG) C:\Windows\temp\RarSFX0\setup.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-08-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-27] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111928 2013-05-03] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704248 2015-03-05] (Avira Operations GmbH & Co. KG)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-774983500-107182102-3582295664-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D022115-A6B219395BABB4E59ADF&form=CONMHP&conlogo=CT3332005
HKU\S-1-5-21-774983500-107182102-3582295664-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-774983500-107182102-3582295664-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-774983500-107182102-3582295664-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-08-06] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2010-08-06] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-08-06] (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2010-08-06] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2010-08-06] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-08-06] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-08-06] (Google Inc.)
Toolbar: HKU\S-1-5-21-774983500-107182102-3582295664-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Schnagendorff\AppData\Roaming\Mozilla\Firefox\Profiles\fmfkh8ka.default-1426061020058
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-774983500-107182102-3582295664-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Schnagendorff\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-774983500-107182102-3582295664-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Schnagendorff\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

Chrome:
=======
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-09]
CHR Extension: (Avira Browser Safety) - C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-02]
CHR Extension: (Google Wallet) - C:\Users\Schnagendorff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806192 2015-03-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-05] (Avira Operations GmbH & Co. KG)
U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992048 2015-03-05] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 lxci_device; C:\Windows\system32\lxcicoms.exe [452608 2006-05-15] ( )
S3 lxci_device; C:\Windows\SysWOW64\lxcicoms.exe [537520 2007-02-01] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe [243712 2009-11-27] (IDT, Inc.)
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-08-25] (Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [105472 2006-12-08] (AVM GmbH) [File not signed]
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [706560 2006-12-08] (AVM Berlin) [File not signed]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-09] (GFI Software)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-08-25] (Synaptics Incorporated)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 09:14 - 2015-03-11 09:17 - 00018948 _____ () C:\Users\Schnagendorff\Desktop\FRST.txt
2015-03-11 09:03 - 2015-03-11 09:03 - 00000000 ____D () C:\Users\Schnagendorff\Desktop\Alte Firefox-Daten
2015-03-11 08:59 - 2015-03-11 08:59 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-11 08:59 - 2015-03-11 08:59 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-11 08:59 - 2015-03-11 08:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-11 08:59 - 2015-03-11 08:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-11 08:58 - 2015-03-11 08:58 - 00243528 _____ () C:\Users\Schnagendorff\Desktop\Firefox Setup Stub 36.0.1.exe
2015-03-11 08:46 - 2015-03-11 08:47 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Schnagendorff\Desktop\revosetup95.exe
2015-03-10 10:27 - 2015-03-10 10:27 - 00852604 _____ () C:\Users\Schnagendorff\Desktop\SecurityCheck.exe
2015-03-10 10:22 - 2015-03-10 10:22 - 00000000 __SHD () C:\Users\Schnagendorff\AppData\Local\EmieBrowserModeList
2015-03-10 08:27 - 2015-03-10 08:27 - 02347384 _____ (ESET) C:\Users\Schnagendorff\Desktop\esetsmartinstaller_deu.exe
2015-03-08 20:27 - 2015-03-08 20:27 - 01388333 _____ (Thisisu) C:\Users\Schnagendorff\Desktop\JRT.exe
2015-03-08 20:18 - 2015-03-08 20:23 - 00000000 ____D () C:\AdwCleaner
2015-03-08 20:18 - 2015-03-08 20:18 - 02126848 _____ () C:\Users\Schnagendorff\Desktop\AdwCleaner_4.111.exe
2015-03-08 20:13 - 2015-03-11 08:47 - 00000000 ____D () C:\Users\Schnagendorff\Desktop\Trojaner Board
2015-03-08 19:45 - 2015-03-11 09:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 19:45 - 2015-03-08 19:45 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-08 19:45 - 2015-03-08 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-08 19:45 - 2015-03-08 19:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-08 19:45 - 2015-03-08 19:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-08 19:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-08 19:45 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-08 19:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-08 19:41 - 2015-03-08 19:41 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Schnagendorff\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-07 13:42 - 2015-03-07 13:50 - 00000000 ____D () C:\ComboFix
2015-03-07 10:46 - 2015-03-11 09:08 - 00127950 _____ () C:\Windows\PFRO.log
2015-03-07 10:38 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-07 10:38 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-07 10:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-07 10:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-07 10:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-07 10:38 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-07 10:38 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-07 10:38 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-07 10:34 - 2015-03-07 10:34 - 05612482 ____R (Swearware) C:\Users\Schnagendorff\Desktop\ComboFix.exe
2015-03-07 10:22 - 2015-03-07 10:22 - 00000841 _____ () C:\Users\Schnagendorff\Desktop\Run Hunter Mode.lnk
2015-03-07 10:19 - 2015-03-07 10:24 - 00000000 ____D () C:\Qoobox
2015-03-07 10:18 - 2015-03-07 10:51 - 00000000 ____D () C:\Windows\erdnt
2015-03-07 10:10 - 2015-03-11 08:48 - 00000771 _____ () C:\Users\Schnagendorff\Desktop\Revo Uninstaller.lnk
2015-03-07 10:09 - 2015-03-07 10:09 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Schnagendorff\Downloads\revosetup95.exe
2015-03-06 12:36 - 2015-03-06 12:36 - 00007822 _____ () C:\Users\Schnagendorff\Downloads\Avira Ereignisse.txt
2015-03-06 11:44 - 2015-03-06 11:44 - 00380416 _____ () C:\Users\Schnagendorff\Desktop\Gmer-19357.exe
2015-03-06 11:40 - 2015-03-11 09:14 - 00000000 ____D () C:\FRST
2015-03-06 11:39 - 2015-03-08 20:37 - 02095104 _____ (Farbar) C:\Users\Schnagendorff\Desktop\FRST64.exe
2015-03-06 11:37 - 2015-03-06 11:37 - 00000000 _____ () C:\Users\Schnagendorff\defogger_reenable
2015-03-06 11:36 - 2015-03-06 11:36 - 00050477 _____ () C:\Users\Schnagendorff\Downloads\Defogger (1).exe
2015-03-06 11:34 - 2015-03-06 11:34 - 00050477 _____ () C:\Users\Schnagendorff\Desktop\Defogger.exe
2015-03-06 10:06 - 2015-03-06 10:13 - 00000000 ____D () C:\Users\Schnagendorff\Desktop\Global Well
2015-03-04 15:16 - 2015-03-11 09:09 - 00000616 _____ () C:\Windows\setupact.log
2015-03-04 15:16 - 2015-03-04 15:16 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-04 09:07 - 2015-03-04 09:08 - 00652800 _____ () C:\Users\Schnagendorff\Downloads\MicrosoftFixit50362.msi
2015-03-04 09:06 - 2015-03-04 09:06 - 00000420 _____ () C:\DelFix.txt
2015-03-04 08:32 - 2015-03-04 08:32 - 00000000 ____D () C:\Windows\Sun
2015-03-04 08:30 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-04 08:30 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-04 08:30 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-04 08:30 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-04 08:25 - 2015-03-04 08:25 - 00561576 _____ (Oracle Corporation) C:\Users\Schnagendorff\Downloads\chromeinstall-8u40.exe
2015-03-02 23:45 - 2015-03-02 23:45 - 00243576 _____ () C:\Users\Schnagendorff\Downloads\Firefox Setup Stub 36.0.exe
2015-03-02 23:08 - 2015-03-04 08:57 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Local\AviraSpeedup
2015-03-02 23:08 - 2015-03-02 23:08 - 00001283 _____ () C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-03-02 23:08 - 2015-03-02 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-03-02 23:06 - 2015-03-02 23:06 - 04568832 _____ (2000 - 2015 Avira Operations GmbH & Co. KG ) C:\Users\Schnagendorff\Downloads\avira_speedup_ultimateprotectionsuite.exe
2015-03-02 23:06 - 2015-03-02 23:06 - 00003368 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2015-03-02 23:05 - 2015-03-02 23:05 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Avira
2015-03-02 23:04 - 2015-03-11 09:14 - 00001956 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-03-02 23:04 - 2015-03-05 12:17 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-02 23:04 - 2015-03-05 12:17 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-02 23:04 - 2015-03-05 12:17 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-02 23:04 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-02 23:00 - 2015-03-02 23:01 - 175605432 _____ () C:\Users\Schnagendorff\Downloads\avira_antivirus_pro_de.exe
2015-03-02 22:04 - 2015-03-02 22:04 - 04582672 _____ (Avira Operations & Co. KG) C:\Users\Schnagendorff\Downloads\avira_de_av_5881315009__ws.exe
2015-03-02 21:41 - 2015-03-02 21:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-03-02 21:39 - 2015-03-02 21:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-03-02 21:39 - 2015-03-02 21:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-03-02 21:39 - 2015-03-02 21:39 - 00000000 ____D () C:\Program Files\Synaptics
2015-03-02 21:38 - 2014-08-25 17:22 - 00750320 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2015-03-02 21:38 - 2014-08-25 17:22 - 00546032 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2015-03-02 21:38 - 2014-08-25 17:22 - 00407280 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2015-03-02 21:38 - 2014-08-25 17:22 - 00255216 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2015-03-02 21:38 - 2014-08-25 17:22 - 00208624 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo20.dll
2015-03-02 21:38 - 2014-08-25 17:22 - 00031472 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2015-03-02 21:38 - 2013-04-16 18:33 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2015-03-02 21:33 - 2015-03-02 21:50 - 00000000 ____D () C:\drivertemp
2015-03-02 21:15 - 2015-03-02 21:15 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Nitro PDF
2015-03-02 20:54 - 2015-03-02 20:54 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Chip Digital GmbH
2015-03-02 09:42 - 2015-03-02 09:42 - 00001169 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-03-02 09:41 - 2015-03-02 09:41 - 04582672 _____ (Avira Operations & Co. KG) C:\Users\Schnagendorff\Downloads\avira_de_uppro_21353280_w9qz89wi8m2jo9ezvl6r_wd.exe
2015-03-02 09:41 - 2015-03-02 09:41 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-27 14:29 - 2015-02-27 14:29 - 00000000 _____ () C:\Users\Schnagendorff\Desktop\Neue Bitmap (2).bmp
2015-02-25 14:30 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 14:30 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 09:28 - 2015-02-25 09:28 - 01494894 _____ () C:\Users\Schnagendorff\Desktop\Präsentation Yo-You-Effekt 2.pptx
2015-02-21 11:17 - 2015-02-21 11:17 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\dlg
2015-02-21 11:15 - 2015-02-21 11:15 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Nitro
2015-02-21 11:15 - 2015-02-21 11:15 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\FileOpen
2015-02-21 11:15 - 2015-02-21 11:15 - 00000000 ____D () C:\ProgramData\FileOpen
2015-02-21 11:14 - 2015-02-21 11:14 - 00002499 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk
2015-02-21 11:14 - 2015-02-21 11:14 - 00002005 _____ () C:\Users\Public\Desktop\Nitro Reader.lnk
2015-02-21 11:14 - 2015-02-21 11:14 - 00000000 ____D () C:\ProgramData\Nitro
2015-02-21 11:14 - 2015-02-21 11:14 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2015-02-21 11:14 - 2015-02-21 11:14 - 00000000 ____D () C:\Program Files (x86)\Nitro
2015-02-21 11:14 - 2013-07-26 06:57 - 00029712 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon2.dll
2015-02-21 11:14 - 2013-07-26 06:57 - 00017936 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui2.dll
2015-02-21 11:09 - 2015-02-21 11:13 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Downloaded Installations
2015-02-21 11:08 - 2015-02-25 12:49 - 00002960 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-02-21 11:08 - 2015-02-25 12:49 - 00002960 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-02-21 11:08 - 2015-02-18 11:55 - 00372264 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-02-21 11:08 - 2015-02-18 11:55 - 00326240 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-02-13 10:49 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 10:49 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 10:49 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 10:49 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 08:53 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 08:53 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 08:53 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 08:53 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 08:53 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 08:53 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 08:53 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 08:53 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 08:53 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 08:53 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 08:53 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 08:53 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 08:53 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 08:53 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 08:53 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 08:53 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 08:53 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 08:53 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 08:53 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 08:53 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 08:53 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 08:53 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 08:53 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 08:53 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 08:53 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 08:53 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 08:53 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 08:53 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 08:53 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 08:53 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 08:53 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 08:53 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 08:53 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 08:53 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 08:53 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 08:53 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 08:53 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 08:53 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 08:53 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 08:53 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 08:53 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 08:53 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 08:53 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 08:53 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 08:53 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 08:53 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 08:53 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 08:53 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 08:53 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 08:53 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 08:53 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 08:53 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 08:53 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 08:53 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 08:53 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 08:53 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 08:53 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 08:52 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 08:52 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 08:52 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 08:52 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 08:52 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 08:52 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 08:52 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 08:52 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 08:52 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 08:52 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 08:52 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 08:52 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 08:52 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 08:52 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 08:52 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 08:52 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 08:52 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 08:52 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 08:52 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 08:52 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 08:52 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 08:52 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 08:52 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 08:52 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 08:52 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 08:52 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 08:52 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 08:52 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 08:52 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 08:52 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 08:52 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 08:52 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 08:51 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 08:51 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 08:51 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 08:51 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 08:51 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 09:14 - 2013-03-10 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-11 09:14 - 2010-08-06 19:49 - 01602493 _____ () C:\Windows\WindowsUpdate.log
2015-03-11 09:09 - 2010-08-06 20:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-11 09:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-11 09:08 - 2009-07-14 05:45 - 00018832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-11 09:08 - 2009-07-14 05:45 - 00018832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-11 08:52 - 2010-08-06 20:09 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-11 08:34 - 2012-07-11 12:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-11 08:18 - 2011-10-09 19:57 - 00001170 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000UA.job
2015-03-11 08:18 - 2011-10-09 19:57 - 00001148 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-774983500-107182102-3582295664-1000Core.job
2015-03-08 21:50 - 2010-10-11 20:52 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-03-08 20:30 - 2009-08-04 10:51 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2015-03-08 20:30 - 2009-08-04 10:51 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2015-03-08 20:30 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-08 20:09 - 2010-08-06 20:31 - 00001634 _____ () C:\Windows\system32\ServiceFilter.ini
2015-03-08 20:07 - 2014-05-02 20:40 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Local\TB
2015-03-07 13:48 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-06 12:47 - 2010-10-12 08:04 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Roaming\Adobe
2015-03-06 11:37 - 2010-10-11 21:00 - 00000000 ____D () C:\Users\Schnagendorff
2015-03-04 15:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-04 08:28 - 2014-01-15 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-04 08:27 - 2014-01-15 13:36 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-04 08:27 - 2014-01-15 13:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-04 08:27 - 2014-01-15 13:35 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-02 23:40 - 2010-10-12 08:32 - 00000000 ____D () C:\Users\Schnagendorff\Desktop\Anwendungen
2015-03-02 23:36 - 2009-07-14 05:45 - 00409144 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-02 23:11 - 2011-02-10 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-03-02 23:08 - 2010-10-11 21:00 - 00109696 _____ () C:\Users\Schnagendorff\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-02 23:06 - 2013-03-10 11:23 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-02 23:04 - 2011-10-21 07:53 - 00000000 ____D () C:\ProgramData\Avira
2015-03-02 21:56 - 2010-08-06 20:31 - 00002254 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-03-02 21:41 - 2010-08-06 20:18 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-03-02 09:50 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-25 13:10 - 2014-07-01 13:35 - 00000000 ____D () C:\ProgramData\eBay
2015-02-25 13:08 - 2015-01-21 19:06 - 00000000 ____D () C:\Users\Schnagendorff\AppData\Local\Citrix
2015-02-25 12:49 - 2013-03-09 20:46 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-24 22:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-20 13:27 - 2011-04-10 12:24 - 00000000 ____D () C:\Users\Schnagendorff\Documents\Axel Praxis
2015-02-13 11:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-11 20:12 - 2014-12-15 12:41 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 20:12 - 2014-05-06 12:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 18:27 - 2011-04-11 09:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 18:27 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 18:23 - 2013-07-27 12:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 18:15 - 2010-10-12 08:19 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2011-12-01 12:33 - 2011-12-01 12:33 - 0000000 _____ () C:\Users\Schnagendorff\AppData\Local\{7D926FC1-751A-4CAB-9431-B0CE41AE8D81}
2012-11-10 16:23 - 2012-11-10 16:23 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-08-06 20:09 - 2009-12-24 13:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-08-06 20:04 - 2010-08-06 20:05 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-08-06 20:04 - 2010-08-06 20:04 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\Schnagendorff\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-24 22:09

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 11.03.2015 18:14
noch Probleme? :)

Schnagi 11.03.2015 19:32
Es sieht alles ganz gut aus... der Rechner ist jetzt etwas langsam geworden - aber evtl. können ja auch einige Programme wieder runter?

Ich kann aber Firefox wieder benutzen :-D

Vielen vielen Dank!


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:17 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131