Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   db22.exe festgestellt. Virus lässt sich nicht entfernen. (https://www.trojaner-board.de/162841-db22-exe-festgestellt-virus-laesst-entfernen.html)

mero4711 16.01.2015 14:20
db22.exe festgestellt. Virus lässt sich nicht entfernen.
 
AntiVir hat Virus db22.exe festgellt. Der Rechner arbeitet nur noch sehr langsam. Zwischendurch werden unkontrolliert Musik und Audiobeiträge gespielt. Internet Ladezeiten sind extrem lang.

Warlord711 16.01.2015 14:30
Hallo mero4711

:hallo:

Mein Name ist Timo und ich werde Dir bei deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Hier findest du die Anleitung für Hilfesuchende
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scans durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist immer der sicherste Weg.

Wir arbeiten hier alle freiwillig und meist auch nur in unserer Freizeit. Daher kann es bei Antworten zu Verzögerungen kommen.
Solltest du innerhalb 48 Std keine Antwort von mir erhalten, dann schreib mit eine PM
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis ich oder jemand vom Team sagt, dass Du clean bist.


Führe sämtliche Tools mit administrativen Rechten aus, Vista, Win7,Win8 User mit Rechtsklick "als Administrator starten".

Bitte die Logs über den Fund hier posten:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Cursor zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


mero4711 16.01.2015 14:59
#
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by mero (administrator) on MERO-PC on 16-01-2015 14:52:30
Running from C:\Users\mero\Downloads
Loaded Profiles: mero (Available profiles: mero & Tix)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(AVM GmbH) C:\Program Files (x86)\FRITZ!Powerline\PowerlineService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsHookDevice.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
() C:\Program Files\004\rqpbhevlkc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Users\mero\AppData\Local\Amazon Music\Amazon Music Helper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Dropbox, Inc.) C:\Users\mero\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\mero\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\mero\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
() C:\Users\mero\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\mero\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\mero\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\mero\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\mero\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\mero\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\mero\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Users\mero\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RunAIShell] => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SearchSettings] => C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1404736 2014-05-26] (Spigot, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1549066735-246946951-1000381425-1000\...\Run: [Amazon Music] => C:\Users\mero\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
HKU\S-1-5-21-1549066735-246946951-1000381425-1000\...\MountPoints2: {41839cab-13c9-11e1-a3db-f46d04e0f9c9} - G:\pushinst.exe
HKU\S-1-5-21-1549066735-246946951-1000381425-1000\...\MountPoints2: {b41c7023-64b8-11e4-9480-f46d04e0f9c9} - G:\pushinst.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\mero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\mero\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1549066735-246946951-1000381425-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-1549066735-246946951-1000381425-1000 - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\9.3\pdfforgeToolbarIE64.dll No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1549066735-246946951-1000381425-1000 -> DefaultScope {EBC79BE0-4FFF-4681-A0CF-1779313B8125} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1549066735-246946951-1000381425-1000 -> {EBC79BE0-4FFF-4681-A0CF-1779313B8125} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: PodcastBHO Class -> {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} -> C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {B922D405-6D13-4A2B-AE89-08A030DA4402} ->  No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\9.3\pdfforgeToolbarIE64.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-1549066735-246946951-1000381425-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-1549066735-246946951-1000381425-1000: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF SearchPlugin: C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\searchplugins\google-maps.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\Extensions\2020Player_IKEA@2020Technologies.com [2014-09-03]
FF Extension: Fast Start - C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\Extensions\faststartff@gmail.com [2014-07-14]
FF Extension: Cliqz Beta - C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\Extensions\cliqz@cliqz.com.xpi [2014-09-05]
FF Extension: PAYBACK Internet Assistent fuer Firefox - C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\Extensions\toolbar-ff@payback.de.xpi [2014-12-01]
FF HKU\S-1-5-21-1549066735-246946951-1000381425-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1549066735-246946951-1000381425-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\extensions\cliqz@cliqz.com

Chrome:
=======
CHR Profile: C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-23]
CHR Extension: (Google Docs) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-23]
CHR Extension: (Google Drive) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-01]
CHR Extension: (YouTube) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-23]
CHR Extension: (Google-Suche) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-23]
CHR Extension: (Google Tabellen) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-23]
CHR Extension: (Avira Browserschutz) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-23]
CHR Extension: (Google Mail) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 AVMPowerlineService; C:\Program Files (x86)\FRITZ!Powerline\PowerlineService.exe [126976 2013-11-27] (AVM GmbH) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-15] (Hewlett-Packard) [File not signed]
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-15] (Hewlett-Packard) [File not signed]
R2 rqpbhevlkc64; C:\Program Files\004\rqpbhevlkc64.exe [709120 2014-07-11] () [File not signed]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-02-25] ()
R2 Verifies and fixes application compatibility issues; C:\Users\mero\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [91304 2015-01-12] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [36448 2011-01-30] (Asmedia Technology)
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)
R3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-08] (NetFilterSDK.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 14:05 - 2015-01-16 14:06 - 00036512 _____ () C:\Users\mero\Downloads\Addition.txt
2015-01-16 14:01 - 2015-01-16 14:52 - 00024459 _____ () C:\Users\mero\Downloads\FRST.txt
2015-01-16 14:01 - 2015-01-16 14:52 - 00000000 ____D () C:\FRST
2015-01-16 14:00 - 2015-01-16 14:00 - 02125312 _____ (Farbar) C:\Users\mero\Downloads\FRST64.exe
2015-01-14 06:02 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 06:02 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 06:02 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 06:02 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 06:02 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 06:02 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 06:02 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 06:02 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 06:02 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 06:02 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 06:02 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 06:02 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 06:02 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 15:47 - 2015-01-13 15:47 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-13 15:40 - 2015-01-13 15:38 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-13 15:38 - 2015-01-13 15:38 - 00000000 ____D () C:\Users\mero\AppData\Roaming\Avira
2015-01-13 15:36 - 2015-01-13 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-13 15:36 - 2015-01-13 15:36 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-13 15:35 - 2015-01-13 15:46 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-13 15:35 - 2015-01-13 15:39 - 00000000 ____D () C:\ProgramData\Avira
2015-01-13 15:35 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-13 15:35 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-13 15:35 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-13 15:31 - 2015-01-13 16:02 - 00003064 _____ () C:\Windows\system32\TmInstall.log
2015-01-13 15:31 - 2015-01-13 15:31 - 00004280 _____ () C:\Windows\SysWOW64\TmInstall.log
2015-01-13 15:21 - 2015-01-13 15:22 - 154051656 _____ () C:\Users\mero\Downloads\avira_free_antivirus468_de.exe
2015-01-13 12:11 - 2015-01-16 14:51 - 00000112 _____ () C:\ProgramData\OeSOSc67S.dat
2015-01-08 08:25 - 2015-01-13 15:47 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-08 08:24 - 2015-01-16 12:50 - 00000000 ____D () C:\Users\mero\AppData\Roaming\Compatibility Verifier
2015-01-08 07:51 - 2015-01-08 07:52 - 01054912 _____ (Adobe) C:\Users\mero\Downloads\install_flashplayer16x32au_mssa_aaa_aih.exe
2014-12-19 14:21 - 2015-01-15 15:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-18 08:09 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 08:09 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 14:19 - 2011-11-20 23:39 - 01574864 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 14:12 - 2012-03-29 17:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 14:07 - 2012-10-17 10:02 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 12:54 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 12:54 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 12:48 - 2014-02-26 22:54 - 00000000 ___RD () C:\Users\mero\Dropbox
2015-01-16 12:48 - 2014-02-26 22:52 - 00000000 ____D () C:\Users\mero\AppData\Roaming\Dropbox
2015-01-16 12:46 - 2012-10-17 10:02 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 12:45 - 2012-05-27 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-16 12:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 12:45 - 2009-07-14 05:51 - 00097349 _____ () C:\Windows\setupact.log
2015-01-14 15:12 - 2012-03-29 17:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 15:12 - 2012-03-29 17:21 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 15:12 - 2011-11-21 00:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 09:52 - 2010-11-21 04:47 - 00669572 _____ () C:\Windows\PFRO.log
2015-01-13 19:12 - 2011-05-06 23:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-13 19:11 - 2011-05-06 23:25 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2015-01-13 19:11 - 2011-05-06 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-01-13 15:58 - 2014-07-11 11:42 - 00000000 ____D () C:\Program Files\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E
2015-01-13 15:58 - 2014-07-11 11:42 - 00000000 ____D () C:\Program Files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E
2015-01-13 15:30 - 2011-05-06 23:41 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-01-08 07:58 - 2011-11-23 11:55 - 00000000 ____D () C:\Users\mero\AppData\Local\Adobe
2015-01-07 12:35 - 2014-07-11 11:42 - 00000000 ____D () C:\Program Files\CouponDownloader
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 11:46 - 2011-12-06 11:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-30 11:45 - 2014-12-05 11:15 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-22 16:11 - 2011-11-21 00:11 - 00000000 ____D () C:\Users\mero\AppData\Local\Thunderbird

Files to move or delete:
====================
C:\ProgramData\OeSOSc67S.dat


Some content of TEMP:
====================
C:\Users\mero\AppData\Local\Temp\7z.dll
C:\Users\mero\AppData\Local\Temp\7z.exe
C:\Users\mero\AppData\Local\Temp\avgnt.exe
C:\Users\mero\AppData\Local\Temp\contentDATs.exe
C:\Users\mero\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjjirrw.dll
C:\Users\mero\AppData\Local\Temp\dtkill.exe
C:\Users\mero\AppData\Local\Temp\Executor.exe
C:\Users\mero\AppData\Local\Temp\MSETUP4.EXE
C:\Users\mero\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\mero\AppData\Local\Temp\_is195.exe
C:\Users\mero\AppData\Local\Temp\_is3B9.exe
C:\Users\Tix\AppData\Local\Temp\contentDATs.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 00:32

==================== End Of Log ============================
--- --- ---
#FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by mero at 2015-01-16 14:52:52
Running from C:\Users\mero\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.09.06 - ASUSTeK Computer Inc.)
Amazon Music (HKU\S-1-5-21-1549066735-246946951-1000381425-1000\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.0.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.1.9.000 - Asmedia Technology)
ASUS Backup Wizard (HKLM-x32\...\{124C9BD0-8C52-40AB-8238-0605703B1C28}) (Version: 1.00.10 - ASUSTeK Computer Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.628 - ASUSTEK)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.02 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
doubleTwist (HKLM-x32\...\doubleTwist) (Version: 3.2.0.11764 - doubleTwist Corporation)
Dropbox (HKU\S-1-5-21-1549066735-246946951-1000381425-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Druckerdeinstallation für EPSON PX650 Series (HKLM\...\EPSON PX650 Series) (Version:  - SEIKO EPSON Corporation)
Druckerdeinstallation für EPSON PX720WD Series (HKLM\...\EPSON PX720WD Series) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{310C1558-F6B5-4889-98B0-7471966BA7F2}) (Version: 2.2.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON PX720WD Series Handbuch (HKLM-x32\...\EPSON PX720WD Series Manual) (Version:  - )
EPSON PX720WD Series Netzwerk-Handbuch (HKLM-x32\...\EPSON PX720WD Series Network Guide) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3a - SEIKO EPSON CORPORATION)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
File Opener Packages (HKU\S-1-5-21-1549066735-246946951-1000381425-1000\...\File Opener Packages) (Version:  - ) <==== ATTENTION
Fotosizer 2.09 (HKLM-x32\...\Fotosizer) (Version: 2.09.0.548 - Fotosizer.com)
FRITZ!Powerline (HKLM-x32\...\{F88975C1-C182-4A51-BEDE-E333AB89F5D4}) (Version: 01.00.57 - AVM Berlin)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1549066735-246946951-1000381425-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA Grafiktreiber 268.29 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.29 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{46889070-D447-4936-A5D3-246DB972FA2E}) (Version: 2.0.6.16537 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.9.3 - pdfforge)
pdfforge Toolbar v9.3 (HKLM-x32\...\{BF5A8895-5DF8-42F0-80DC-50DD1AA2DD23}) (Version: 9.3 - Spigot, Inc.) <==== ATTENTION
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
RedEye (remove only) (HKLM-x32\...\RedEye) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
UnderCoverXP 1.23 (HKLM-x32\...\UnderCoverXP_is1) (Version:  - Wicked & Wild Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
XMind (HKLM-x32\...\XMind) (Version: 3.2.1 - XMind Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

09-01-2015 04:09:00 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
09-01-2015 04:17:55 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
13-01-2015 12:08:42 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
13-01-2015 12:11:49 Windows Update
13-01-2015 16:05:12 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
13-01-2015 19:04:41 Removed ASUS Update
13-01-2015 19:06:26 Removed EPU
13-01-2015 19:06:49 Removed MyLogo
13-01-2015 19:07:45 Removed Probe II
13-01-2015 19:08:58 Removed System Information
13-01-2015 19:11:22 Removed AI Suite II
14-01-2015 16:24:30 Windows Update
16-01-2015 12:49:28 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
16-01-2015 13:14:22 Avira Free Antivirus - 16.01.2015 13:14

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14903D84-2018-435C-BEDC-7CA1B5017CC1} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\\AsBackupWizard\\AsRunBkWizardHelper.exe [2010-04-24] (ASUSTeK Computer Inc.)
Task: {68BEAC8E-8E5C-4330-AF6E-D3C15763FDA0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7D3CF61D-8BD9-4059-BDA2-8E910F3F9C7C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {A9A67696-4FF4-4FFC-8F79-E8551A5117A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17] (Google Inc.)
Task: {AD7C2B34-C313-4443-933B-3C0D276E38CD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {BB83ADBC-3D3C-4885-81C4-4FA9385E14D2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BC264CD8-9BFE-4AA0-BB89-C22E62C61475} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {EF5F1B00-4526-447E-925B-0CEA5079ADCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-05-06 23:25 - 2010-11-03 10:30 - 00918144 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
2011-05-06 23:25 - 2010-12-02 03:15 - 00915584 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
2011-05-06 23:25 - 2010-10-21 10:52 - 00586880 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
2014-12-05 11:15 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-11 11:41 - 2014-07-11 11:41 - 00709120 _____ () C:\Program Files\004\rqpbhevlkc64.exe
2014-02-25 02:28 - 2014-02-25 02:28 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2014-09-15 10:26 - 2014-10-15 06:35 - 06281024 _____ () C:\Users\mero\AppData\Local\Amazon Music\Amazon Music Helper.exe
2015-01-08 08:24 - 2015-01-13 23:12 - 51548328 _____ () C:\Users\mero\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
2015-01-08 08:24 - 2015-01-12 13:55 - 00091304 _____ () C:\Users\mero\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-05-06 23:25 - 2015-01-16 12:45 - 00019456 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\PEbiosinterface32.dll
2011-05-06 23:25 - 2010-06-29 03:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\ATKEX.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\mero\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-16 12:48 - 2015-01-16 12:48 - 00043008 _____ () c:\users\mero\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjjirrw.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\mero\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\mero\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\mero\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-09 11:12 - 2014-12-09 11:12 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-08 08:24 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\mero\AppData\Roaming\Compatibility Verifier\libglesv2.dll
2015-01-08 08:24 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\mero\AppData\Roaming\Compatibility Verifier\libegl.dll
2015-01-08 08:24 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\mero\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll
2015-01-08 08:24 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\mero\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll
2014-12-19 14:21 - 2015-01-15 15:32 - 03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-12-19 14:21 - 2015-01-15 15:32 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-12-19 14:21 - 2015-01-15 15:32 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1549066735-246946951-1000381425-500 - Administrator - Disabled)
Gast (S-1-5-21-1549066735-246946951-1000381425-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1549066735-246946951-1000381425-1002 - Limited - Enabled)
mero (S-1-5-21-1549066735-246946951-1000381425-1000 - Administrator - Enabled) => C:\Users\mero
Tix (S-1-5-21-1549066735-246946951-1000381425-1003 - Limited - Enabled) => C:\Users\Tix

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 00:52:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SearchSettings.exe, Version: 9.3.0.4, Zeitstempel: 0x538348fa
Name des fehlerhaften Moduls: SearchSettings.exe, Version: 9.3.0.4, Zeitstempel: 0x538348fa
Ausnahmecode: 0x40000015
Fehleroffset: 0x000a341d
ID des fehlerhaften Prozesses: 0x1170
Startzeit der fehlerhaften Anwendung: 0xSearchSettings.exe0
Pfad der fehlerhaften Anwendung: SearchSettings.exe1
Pfad des fehlerhaften Moduls: SearchSettings.exe2
Berichtskennung: SearchSettings.exe3

Error: (01/16/2015 00:47:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2015 00:22:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SearchSettings.exe, Version: 9.3.0.4, Zeitstempel: 0x538348fa
Name des fehlerhaften Moduls: SearchSettings.exe, Version: 9.3.0.4, Zeitstempel: 0x538348fa
Ausnahmecode: 0x40000015
Fehleroffset: 0x000a341d
ID des fehlerhaften Prozesses: 0xee4
Startzeit der fehlerhaften Anwendung: 0xSearchSettings.exe0
Pfad der fehlerhaften Anwendung: SearchSettings.exe1
Pfad des fehlerhaften Moduls: SearchSettings.exe2
Berichtskennung: SearchSettings.exe3

Error: (01/15/2015 00:19:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 09:53:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 07:07:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Ausnahmecode: 0x4000001f
Fehleroffset: 0x0022ecf0
ID des fehlerhaften Prozesses: 0x207c
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/13/2015 07:03:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Ausnahmecode: 0x4000001f
Fehleroffset: 0x0022ecf0
ID des fehlerhaften Prozesses: 0x2494
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/13/2015 07:02:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AI Suite II.exe, Version: 1.0.0.40, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x100c
Startzeit der fehlerhaften Anwendung: 0xAI Suite II.exe0
Pfad der fehlerhaften Anwendung: AI Suite II.exe1
Pfad des fehlerhaften Moduls: AI Suite II.exe2
Berichtskennung: AI Suite II.exe3

Error: (01/13/2015 07:02:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: aaHMSvc.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x904
Startzeit der fehlerhaften Anwendung: 0xaaHMSvc.exe0
Pfad der fehlerhaften Anwendung: aaHMSvc.exe1
Pfad des fehlerhaften Moduls: aaHMSvc.exe2
Berichtskennung: aaHMSvc.exe3

Error: (01/13/2015 04:50:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8830


System errors:
=============
Error: (01/16/2015 00:47:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/15/2015 00:19:34 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/14/2015 09:53:50 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/13/2015 07:02:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ASUS HM Com Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/13/2015 04:03:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (01/13/2015 04:02:53 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/13/2015 01:12:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Trend Micro Solution Platform" wurde unerwartet beendet. Dies ist bereits 13 Mal passiert.

Error: (01/13/2015 01:07:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Trend Micro Solution Platform" wurde unerwartet beendet. Dies ist bereits 12 Mal passiert.

Error: (01/13/2015 01:02:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Trend Micro Solution Platform" wurde unerwartet beendet. Dies ist bereits 11 Mal passiert.

Error: (01/13/2015 00:57:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Trend Micro Solution Platform" wurde unerwartet beendet. Dies ist bereits 10 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (01/16/2015 00:52:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchSettings.exe9.3.0.4538348faSearchSettings.exe9.3.0.4538348fa40000015000a341d117001d031821d83b951C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exeC:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe208477dd-9d76-11e4-9470-a4e34dd07e23

Error: (01/16/2015 00:47:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2015 00:22:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchSettings.exe9.3.0.4538348faSearchSettings.exe9.3.0.4538348fa40000015000a341dee401d030b548a712dcC:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exeC:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.execcbca415-9ca8-11e4-b959-a197912d7822

Error: (01/15/2015 00:19:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 09:53:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 07:07:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124compatibilitycheck.exe0.0.0.054af41244000001f0022ecf0207c01d02f5bcebbd8a9C:\Users\mero\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\mero\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe11e938d3-9b4f-11e4-ab3c-c19cb75a0225

Error: (01/13/2015 07:03:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124compatibilitycheck.exe0.0.0.054af41244000001f0022ecf0249401d02f5b2773ae54C:\Users\mero\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\mero\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe6a0a2378-9b4e-11e4-ab3c-c19cb75a0225

Error: (01/13/2015 07:02:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AI Suite II.exe1.0.0.4000000000KERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42d100c01d02f41dd4036cdC:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exeC:\Windows\syswow64\KERNELBASE.dll6747c4d0-9b4e-11e4-ab3c-c19cb75a0225

Error: (01/13/2015 07:02:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: aaHMSvc.exe0.0.0.000000000KERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42d90401d02f41ca4d025fC:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exeC:\Windows\syswow64\KERNELBASE.dll651217d8-9b4e-11e4-ab3c-c19cb75a0225

Error: (01/13/2015 04:50:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8830


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 71%
Total physical RAM: 6126.29 MB
Available physical RAM: 1728.18 MB
Total Pagefile: 12250.77 MB
Available Pagefile: 6897.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:372.6 GB) (Free:128.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:544.72 GB) (Free:544.62 GB) NTFS
Drive g: () (Removable) (Total:7.47 GB) (Free:0.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CB5BD2B2)
Partition 1: (Not Active) - (Size=14.2 GB) - (Type=1B)
Partition 2: (Active) - (Size=372.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=544.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---

Warlord711 16.01.2015 15:04
Bitte Logfile von Avira posten.

Avira Log finden und posten - so geht's - Anleitungen

Warlord711 16.01.2015 15:06
Schritt 1
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


Schritt 2
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


mero4711 16.01.2015 16:22
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 16. Januar 2015 13:15


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : MERO-PC

Versionsinformationen:
BUILD.DAT : 14.0.7.468 91859 Bytes 24.11.2014 10:23:00
AVSCAN.EXE : 14.0.7.462 1015544 Bytes 24.11.2014 09:23:24
AVSCANRC.DLL : 14.0.7.308 64304 Bytes 24.11.2014 09:23:24
LUKE.DLL : 14.0.7.462 60664 Bytes 24.11.2014 09:23:29
AVSCPLR.DLL : 14.0.7.440 93488 Bytes 24.11.2014 09:23:24
REPAIR.DLL : 14.0.7.412 366328 Bytes 24.11.2014 09:23:24
REPAIR.RDF : 1.0.3.92 668746 Bytes 16.01.2015 11:51:16
AVREG.DLL : 14.0.7.310 264952 Bytes 24.11.2014 09:23:23
AVLODE.DLL : 14.0.7.440 561456 Bytes 24.11.2014 09:23:23
AVLODE.RDF : 14.0.4.54 78895 Bytes 13.01.2015 14:38:37
XBV00014.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00015.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00016.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00017.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00018.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00019.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00020.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00021.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00022.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00023.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00024.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00025.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00026.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00027.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00028.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00029.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00030.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00031.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00032.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00033.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00034.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00035.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00036.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00037.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:23:34
XBV00058.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00059.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00060.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00061.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00062.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00063.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00064.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00065.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00066.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00067.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00068.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00069.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00070.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00071.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00072.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00073.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00074.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00075.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00076.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00077.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00078.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00079.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00080.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00081.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00082.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00083.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:33
XBV00084.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00085.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00086.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00087.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00088.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00089.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00090.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00091.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00092.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00093.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00094.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00095.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00096.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00097.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00098.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00099.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00100.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00101.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00102.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00103.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00104.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00105.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00106.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00107.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00108.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00109.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00110.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00111.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00112.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00113.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00114.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00115.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00116.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00117.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00118.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00119.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00120.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:34
XBV00121.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00122.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00123.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00124.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00125.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00126.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00127.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00128.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00129.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00130.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00131.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00132.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00133.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00134.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00135.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00136.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00137.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00138.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00139.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00140.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00141.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00142.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00143.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00144.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00145.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00146.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00147.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00148.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00149.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00150.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00151.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00152.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00153.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00154.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00155.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00156.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00157.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:35
XBV00158.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00159.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00160.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00161.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00162.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00163.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00164.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00165.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00166.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00167.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00168.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00169.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00170.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00171.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00172.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00173.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00174.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00175.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00176.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00177.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00178.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00179.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00180.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00181.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00182.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00183.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00184.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00185.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00186.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00187.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00188.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00189.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00190.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00191.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00192.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00193.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00194.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00195.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00196.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:36
XBV00197.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00198.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00199.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00200.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00201.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00202.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00203.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00204.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00205.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00206.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00207.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00208.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00209.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00210.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00211.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00212.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00213.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00214.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00215.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00216.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00217.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00218.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00219.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00220.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00221.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00222.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00223.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00224.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00225.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00226.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00227.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00228.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00229.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00230.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00231.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00232.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00233.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:37
XBV00234.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00235.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00236.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00237.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00238.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00239.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00240.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00241.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00242.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00243.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00244.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00245.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00246.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00247.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00248.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00249.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00250.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00251.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00252.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00253.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00254.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00255.VDF : 8.11.201.28 2048 Bytes 14.01.2015 14:38:38
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 09:23:34
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 09:23:34
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 09:23:34
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 09:23:34
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 09:23:34
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 09:23:34
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 09:23:34
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 09:23:34
XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 09:23:34
XBV00009.VDF : 8.11.172.30 2094080 Bytes 15.09.2014 09:23:34
XBV00010.VDF : 8.11.178.32 1581056 Bytes 14.10.2014 09:23:34
XBV00011.VDF : 8.11.184.50 2178560 Bytes 11.11.2014 09:23:34
XBV00012.VDF : 8.11.190.32 1876992 Bytes 03.12.2014 14:38:39
XBV00013.VDF : 8.11.201.28 2973696 Bytes 14.01.2015 14:38:32
XBV00042.VDF : 8.11.201.52 20992 Bytes 14.01.2015 14:38:32
XBV00043.VDF : 8.11.201.74 2048 Bytes 14.01.2015 14:38:33
XBV00044.VDF : 8.11.201.100 13824 Bytes 14.01.2015 11:23:54
XBV00045.VDF : 8.11.201.124 4608 Bytes 14.01.2015 11:23:54
XBV00046.VDF : 8.11.201.126 8704 Bytes 15.01.2015 11:23:54
XBV00047.VDF : 8.11.201.128 2048 Bytes 15.01.2015 11:23:54
XBV00048.VDF : 8.11.201.132 13824 Bytes 15.01.2015 11:23:54
XBV00049.VDF : 8.11.201.134 9216 Bytes 15.01.2015 11:23:54
XBV00050.VDF : 8.11.201.136 26112 Bytes 15.01.2015 17:23:50
XBV00051.VDF : 8.11.201.138 2048 Bytes 15.01.2015 17:23:50
XBV00052.VDF : 8.11.201.142 40960 Bytes 15.01.2015 11:51:15
XBV00053.VDF : 8.11.201.144 5120 Bytes 15.01.2015 11:51:15
XBV00054.VDF : 8.11.201.148 20992 Bytes 16.01.2015 11:51:15
XBV00055.VDF : 8.11.201.150 8192 Bytes 16.01.2015 11:51:15
XBV00056.VDF : 8.11.201.152 9728 Bytes 16.01.2015 11:51:15
XBV00057.VDF : 8.11.201.154 12288 Bytes 16.01.2015 11:51:15
LOCAL001.VDF : 8.11.201.154 118804480 Bytes 16.01.2015 11:51:31
Engineversion : 8.3.28.10
AEVDF.DLL : 8.3.1.6 133992 Bytes 24.11.2014 09:23:20
AESCRIPT.DLL : 8.2.2.44 547696 Bytes 16.01.2015 11:51:15
AESCN.DLL : 8.3.2.2 139456 Bytes 24.11.2014 09:23:20
AESBX.DLL : 8.2.20.24 1409224 Bytes 24.11.2014 09:23:20
AERDL.DLL : 8.2.1.16 743328 Bytes 24.11.2014 09:23:20
AEPACK.DLL : 8.4.0.58 789360 Bytes 16.01.2015 11:51:15
AEOFFICE.DLL : 8.3.1.10 351088 Bytes 16.01.2015 11:51:15
AEMOBILE.DLL : 8.1.2.0 277360 Bytes 13.01.2015 14:38:36
AEHEUR.DLL : 8.1.4.1484 8006512 Bytes 16.01.2015 11:51:15
AEHELP.DLL : 8.3.1.0 278728 Bytes 24.11.2014 09:23:20
AEGEN.DLL : 8.1.7.40 456608 Bytes 13.01.2015 14:38:31
AEEXP.DLL : 8.4.2.48 252776 Bytes 13.01.2015 14:38:36
AEEMU.DLL : 8.1.3.4 399264 Bytes 24.11.2014 09:23:20
AEDROID.DLL : 8.4.3.6 850800 Bytes 13.01.2015 14:38:36
AECORE.DLL : 8.3.4.0 243624 Bytes 13.01.2015 14:38:30
AEBB.DLL : 8.1.2.0 60448 Bytes 24.11.2014 09:23:20
AVWINLL.DLL : 14.0.7.308 25904 Bytes 24.11.2014 09:23:25
AVPREF.DLL : 14.0.7.308 52016 Bytes 24.11.2014 09:23:23
AVREP.DLL : 14.0.7.308 220976 Bytes 24.11.2014 09:23:24
AVARKT.DLL : 14.0.7.308 227632 Bytes 24.11.2014 09:23:21
AVEVTLOG.DLL : 14.0.7.440 184112 Bytes 24.11.2014 09:23:21
SQLITE3.DLL : 14.0.7.308 453936 Bytes 24.11.2014 09:23:32
AVSMTP.DLL : 14.0.7.308 79096 Bytes 24.11.2014 09:23:24
NETNT.DLL : 14.0.7.308 15152 Bytes 24.11.2014 09:23:29
RCIMAGE.DLL : 14.0.7.308 4865328 Bytes 24.11.2014 09:23:30
RCTEXT.DLL : 14.0.7.318 77048 Bytes 24.11.2014 09:23:31

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_54b8f9f6\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Reparieren
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig

Beginn des Suchlaufs: Freitag, 16. Januar 2015 13:15

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '159' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'eEBSVC.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'NvXDSync.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'NetworkLicenseServer.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '143' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'atkexComSvc.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'aaHMSvc.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsSysCtrlService.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'PowerlineService.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'OfficeClickToRun.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsHookDevice.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_S50STB.EXE' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_S50RPB.EXE' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'rqpbhevlkc64.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.EXE' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'UsbClientService.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '128' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '220' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'Amazon Music Helper.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSScheduler.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsShellApplication.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'EEventManager.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchSettings64.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'FRITZWLANMini.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNMNSST.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '133' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '165' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'compatibilitycheck.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'compatibilitychecksvc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'compatibilitycheck.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'compatibilitycheck.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'compatibilitycheck.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'compatibilitycheck.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'compatibilitycheck.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'compatibilitycheck.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'compatibilitycheck.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_16_0_0_257.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_16_0_0_257.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '35' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\mero\AppData\Local\Temp\is-84UT4.tmp\preinstall.exe'
Der zu durchsuchende Pfad C:\Users\mero\AppData\Local\Temp\is-84UT4.tmp\preinstall.exe konnte nicht geöffnet werden!
Systemfehler [3]: Das System kann den angegebenen Pfad nicht finden.
Beginne mit der Suche in 'C:\Users\mero\Downloads\FileOpenerSetup.exe'
C:\Users\mero\Downloads\FileOpenerSetup.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCo.bem
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '53079304.qua' verschoben!


Ende des Suchlaufs: Freitag, 16. Januar 2015 13:15
Benötigte Zeit: 00:16 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
2229 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
2228 Dateien ohne Befall
6 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Code:
ComboFix 15-01-08.01 - mero 16.01.2015  16:03:11.1.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.6126.3993 [GMT 1:00]
ausgeführt von:: c:\users\mero\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mero\AppData\Roaming\systweak\ssd\SSDPTstub.exe
c:\users\Tix\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0FE3CFF1-FDB9-448E-8854-DFF3138C6B4C}.xps
c:\users\Tix\AppData\Local\Microsoft\Windows\Temporary Internet Files\{18DC621D-0D30-49FF-9295-7F2D36B95ABB}.xps
c:\users\Tix\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2E59E17F-8CAE-40F2-A306-F35964204E8F}.xps
c:\users\Tix\AppData\Local\Microsoft\Windows\Temporary Internet Files\{46540FD7-C658-4359-805B-BC6175DB16C4}.xps
c:\users\Tix\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6A0B9268-E7A7-4FF4-A3E1-ABD814970852}.xps
c:\users\Tix\AppData\Local\Microsoft\Windows\Temporary Internet Files\{822CC876-5ACC-436A-A33A-23E3FB096B01}.xps
c:\users\Tix\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DCD8A9EC-DECC-4E48-90DE-7F9BF72694DF}.xps
c:\users\Tix\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ECC5920F-967A-40CE-ACFD-B6CFD8738794}.xps
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-12-16 bis 2015-01-16  ))))))))))))))))))))))))))))))
.
.
2015-01-16 15:11 . 2015-01-16 15:11        --------        d-----w-        c:\users\Tix\AppData\Local\temp
2015-01-16 15:11 . 2015-01-16 15:11        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-01-16 15:05 . 2015-01-16 15:05        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{64CAB454-DC7B-477A-86F4-835982EC4302}\offreg.dll
2015-01-16 13:01 . 2015-01-16 13:53        --------        d-----w-        C:\FRST
2015-01-13 11:12 . 2014-12-02 10:26        11870360        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{64CAB454-DC7B-477A-86F4-835982EC4302}\mpengine.dll
2015-01-08 07:25 . 2015-01-16 14:58        --------        d-----w-        c:\programdata\Package Cache
2015-01-08 07:24 . 2015-01-16 14:59        --------        d-----w-        c:\users\mero\AppData\Roaming\Compatibility Verifier
2014-12-19 13:21 . 2015-01-15 14:32        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2014-12-18 07:09 . 2014-12-13 05:09        144384        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-18 07:09 . 2014-12-13 03:33        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-14 14:12 . 2012-03-29 16:21        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-14 14:12 . 2011-11-20 23:41        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-06 03:36 . 2010-11-21 03:27        298120        ------w-        c:\windows\system32\MpSigStub.exe
2014-12-04 02:50 . 2014-12-10 09:27        413184        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 09:27        741376        ----a-w-        c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 09:27        396800        ----a-w-        c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 09:27        830976        ----a-w-        c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 09:27        192000        ----a-w-        c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-10 09:27        227328        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-10 09:27        1083392        ----a-w-        c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 09:27        1232040        ----a-w-        c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-10 09:26        389296        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 09:26        25059840        ----a-w-        c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 09:26        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 09:26        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 09:26        66560        ----a-w-        c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 09:26        580096        ----a-w-        c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 09:26        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 09:26        2885120        ----a-w-        c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 09:26        88064        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 09:26        54784        ----a-w-        c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 09:26        34304        ----a-w-        c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 09:26        633856        ----a-w-        c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 09:26        114688        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 09:26        814080        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 09:26        6039552        ----a-w-        c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 09:26        968704        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 09:26        490496        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 09:26        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 09:26        77824        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 09:26        199680        ----a-w-        c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 09:26        92160        ----a-w-        c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 09:26        501248        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 09:26        62464        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 09:26        47616        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 09:26        64000        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 09:26        316928        ----a-w-        c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 09:26        620032        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 09:26        718848        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 09:26        800768        ----a-w-        c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 09:26        1359360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 09:26        2125312        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 09:26        14412800        ----a-w-        c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 09:26        60416        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 09:26        4299264        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 09:26        2358272        ----a-w-        c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 09:26        2052096        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 09:26        1155072        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 09:26        1548288        ----a-w-        c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 09:26        800768        ----a-w-        c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 09:26        1888256        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-11-19 03:31 . 2014-11-19 03:31        1217192        ----a-w-        c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-10 09:27        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 06:15        241152        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 06:15        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 09:27        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 06:15        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 06:15        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 09:26        119296        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 09:26        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 09:26        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-11-04 09:35 . 2014-12-04 16:12        590536        ----a-w-        c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-10-30 02:03 . 2014-12-10 09:26        165888        ----a-w-        c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-10 09:26        155136        ----a-w-        c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-12 09:35        77824        ----a-w-        c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 09:35        67584        ----a-w-        c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-12-05 10:28        233128        ----a-w-        c:\users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-12-05 10:28        233128        ----a-w-        c:\users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-12-05 10:28        233128        ----a-w-        c:\users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\mero\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\mero\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\mero\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\mero\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amazon Music"="c:\users\mero\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-10-15 6281024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2014-05-26 1404736]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\FRITZWLANMini.exe" [2012-08-21 933888]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168]
.
c:\users\mero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\mero\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-9 39207112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-5-6 548528]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Verifies and fixes application compatibility issues;Compatibility Verify;c:\users\mero\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe;c:\users\mero\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusbn.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 PDF Architect 2;PDF Architect 2;c:\program files (x86)\PDF Architect 2\ws.exe;c:\program files (x86)\PDF Architect 2\ws.exe [x]
R3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 asahci64;asahci64;c:\windows\system32\drivers\asahci64.sys;c:\windows\SYSNATIVE\drivers\asahci64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 netfilter64;netfilter64;c:\windows\system32\drivers\netfilter64.sys;c:\windows\SYSNATIVE\drivers\netfilter64.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 AVMPowerlineService;AVM FRITZ!Powerline Service;c:\program files (x86)\FRITZ!Powerline\PowerlineService.exe;c:\program files (x86)\FRITZ!Powerline\PowerlineService.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe;c:\windows\SysWOW64\AsHookDevice.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys;c:\windows\SYSNATIVE\drivers\iPodDrv.sys [x]
S2 rqpbhevlkc64;rqpbhevlkc64;c:\program files\004\rqpbhevlkc64.exe run options=01100010040000000000000000000000 sourceguid=A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E;c:\program files\004\rqpbhevlkc64.exe run options=01100010040000000000000000000000 sourceguid=A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]
S3 fwlanusb5;FRITZ!WLAN N v2;c:\windows\system32\DRIVERS\fwlanusb5.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb5.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-12 03:08        1087816        ----a-w-        c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 14:12]
.
2015-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17 09:02]
.
2015-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17 09:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-12-05 10:28        260776        ----a-w-        c:\users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-12-05 10:28        260776        ----a-w-        c:\users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-12-05 10:28        260776        ----a-w-        c:\users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 08:07        2334928        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 08:07        2334928        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 08:07        2334928        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uInternet Settings,ProxyOverride = fritz.box;192.168.178.1;192.168.178.254;169.254.1.1;*.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-{B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\program files (x86)\pdfforge Toolbar\IE\9.3\pdfforgeToolbarIE64.dll
AddRemove-{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1 - c:\users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\extensions\cliqz@cliqz.com\unins000.exe
AddRemove-Amazon Amazon Music - c:\users\mero\AppData\Local\Amazon Music\Uninstall.exe
AddRemove-File Opener Packages - c:\users\mero\AppData\Roaming\1H1Q\File Opener Packages\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-16  16:14:44
ComboFix-quarantined-files.txt  2015-01-16 15:14
.
Vor Suchlauf: 10 Verzeichnis(se), 143.144.046.592 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 146.094.411.776 Bytes frei
.
- - End Of File - - 50A01E5DE780923579DF179434D48076
4976D4A7A40B83FC7F06EE4BDD84EB9B

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by mero (administrator) on MERO-PC on 16-01-2015 16:21:40
Running from C:\Users\mero\Downloads
Loaded Profiles: mero (Available profiles: mero & Tix)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(AVM GmbH) C:\Program Files (x86)\FRITZ!Powerline\PowerlineService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsHookDevice.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
() C:\Program Files\004\rqpbhevlkc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RunAIShell] => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SearchSettings] => C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1404736 2014-05-26] (Spigot, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKU\S-1-5-21-1549066735-246946951-1000381425-1000\...\Run: [Amazon Music] => C:\Users\mero\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\mero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\mero\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1549066735-246946951-1000381425-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1549066735-246946951-1000381425-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1549066735-246946951-1000381425-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1549066735-246946951-1000381425-1000 -> DefaultScope {EBC79BE0-4FFF-4681-A0CF-1779313B8125} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1549066735-246946951-1000381425-1000 -> {EBC79BE0-4FFF-4681-A0CF-1779313B8125} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: PodcastBHO Class -> {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} -> C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {B922D405-6D13-4A2B-AE89-08A030DA4402} ->  No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-1549066735-246946951-1000381425-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-1549066735-246946951-1000381425-1000: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF SearchPlugin: C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\searchplugins\google-maps.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\Extensions\2020Player_IKEA@2020Technologies.com [2014-09-03]
FF Extension: Fast Start - C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\Extensions\faststartff@gmail.com [2014-07-14]
FF Extension: Cliqz Beta - C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\Extensions\cliqz@cliqz.com.xpi [2014-09-05]
FF Extension: PAYBACK Internet Assistent fuer Firefox - C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\Extensions\toolbar-ff@payback.de.xpi [2014-12-01]
FF HKU\S-1-5-21-1549066735-246946951-1000381425-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1549066735-246946951-1000381425-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\extensions\cliqz@cliqz.com

Chrome:
=======
CHR Profile: C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-23]
CHR Extension: (Google Docs) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-23]
CHR Extension: (Google Drive) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-01]
CHR Extension: (YouTube) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-23]
CHR Extension: (Google-Suche) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-23]
CHR Extension: (Google Tabellen) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-23]
CHR Extension: (Avira Browserschutz) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-23]
CHR Extension: (Google Mail) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 AVMPowerlineService; C:\Program Files (x86)\FRITZ!Powerline\PowerlineService.exe [126976 2013-11-27] (AVM GmbH) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-15] (Hewlett-Packard) [File not signed]
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-15] (Hewlett-Packard) [File not signed]
R2 rqpbhevlkc64; C:\Program Files\004\rqpbhevlkc64.exe [709120 2014-07-11] () [File not signed]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-02-25] ()
S2 Verifies and fixes application compatibility issues; C:\Users\mero\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [91304 2015-01-12] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [36448 2011-01-30] (Asmedia Technology)
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)
R3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-08] (NetFilterSDK.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
U3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 16:14 - 2015-01-16 16:14 - 00032581 _____ () C:\ComboFix.txt
2015-01-16 15:32 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-16 15:32 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-16 15:32 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-16 15:32 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-16 15:32 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-16 15:32 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-16 15:32 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-16 15:32 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-16 15:28 - 2015-01-16 16:14 - 00000000 ____D () C:\Qoobox
2015-01-16 15:28 - 2015-01-16 16:13 - 00000000 ____D () C:\Windows\erdnt
2015-01-16 15:27 - 2015-01-16 15:28 - 05609736 ____R (Swearware) C:\Users\mero\Downloads\ComboFix.exe
2015-01-16 14:05 - 2015-01-16 14:53 - 00036396 _____ () C:\Users\mero\Downloads\Addition.txt
2015-01-16 14:01 - 2015-01-16 16:21 - 00021493 _____ () C:\Users\mero\Downloads\FRST.txt
2015-01-16 14:01 - 2015-01-16 16:21 - 00000000 ____D () C:\FRST
2015-01-16 14:00 - 2015-01-16 14:00 - 02125312 _____ (Farbar) C:\Users\mero\Downloads\FRST64.exe
2015-01-14 06:02 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 06:02 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 06:02 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 06:02 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 06:02 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 06:02 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 06:02 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 06:02 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 06:02 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 06:02 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 06:02 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 06:02 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 06:02 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 15:31 - 2015-01-13 16:02 - 00003064 _____ () C:\Windows\system32\TmInstall.log
2015-01-13 15:31 - 2015-01-13 15:31 - 00004280 _____ () C:\Windows\SysWOW64\TmInstall.log
2015-01-13 15:21 - 2015-01-13 15:22 - 154051656 _____ () C:\Users\mero\Downloads\avira_free_antivirus468_de.exe
2015-01-13 12:11 - 2015-01-16 15:14 - 00000112 _____ () C:\ProgramData\OeSOSc67S.dat
2015-01-08 08:25 - 2015-01-16 15:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-08 08:24 - 2015-01-16 15:59 - 00000000 ____D () C:\Users\mero\AppData\Roaming\Compatibility Verifier
2015-01-08 07:51 - 2015-01-08 07:52 - 01054912 _____ (Adobe) C:\Users\mero\Downloads\install_flashplayer16x32au_mssa_aaa_aih.exe
2014-12-19 14:21 - 2015-01-15 15:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-18 08:09 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 08:09 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 16:12 - 2012-03-29 17:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 16:12 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-16 16:07 - 2012-10-17 10:02 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 16:04 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 16:04 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 15:59 - 2011-11-20 23:39 - 01599814 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 15:57 - 2014-02-26 22:54 - 00000000 ___RD () C:\Users\mero\Dropbox
2015-01-16 15:57 - 2014-02-26 22:52 - 00000000 ____D () C:\Users\mero\AppData\Roaming\Dropbox
2015-01-16 15:55 - 2012-10-17 10:02 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 15:54 - 2010-11-21 04:47 - 00669906 _____ () C:\Windows\PFRO.log
2015-01-16 15:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 15:54 - 2009-07-14 05:51 - 00097461 _____ () C:\Windows\setupact.log
2015-01-16 12:45 - 2012-05-27 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-14 15:12 - 2012-03-29 17:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 15:12 - 2012-03-29 17:21 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 15:12 - 2011-11-21 00:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 19:12 - 2011-05-06 23:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-13 19:11 - 2011-05-06 23:25 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2015-01-13 19:11 - 2011-05-06 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-01-13 15:58 - 2014-07-11 11:42 - 00000000 ____D () C:\Program Files\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E
2015-01-13 15:58 - 2014-07-11 11:42 - 00000000 ____D () C:\Program Files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E
2015-01-13 15:30 - 2011-05-06 23:41 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-01-08 07:58 - 2011-11-23 11:55 - 00000000 ____D () C:\Users\mero\AppData\Local\Adobe
2015-01-07 12:35 - 2014-07-11 11:42 - 00000000 ____D () C:\Program Files\CouponDownloader
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 11:46 - 2011-12-06 11:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-30 11:45 - 2014-12-05 11:15 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-22 16:11 - 2011-11-21 00:11 - 00000000 ____D () C:\Users\mero\AppData\Local\Thunderbird

Files to move or delete:
====================
C:\ProgramData\OeSOSc67S.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 00:32

==================== End Of Log ============================
--- --- ---

--- --- ---

mero4711 16.01.2015 16:23
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by mero at 2015-01-16 16:23:30
Running from C:\Users\mero\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.09.06 - ASUSTeK Computer Inc.)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.0.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.1.9.000 - Asmedia Technology)
ASUS Backup Wizard (HKLM-x32\...\{124C9BD0-8C52-40AB-8238-0605703B1C28}) (Version: 1.00.10 - ASUSTeK Computer Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.628 - ASUSTEK)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.02 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
doubleTwist (HKLM-x32\...\doubleTwist) (Version: 3.2.0.11764 - doubleTwist Corporation)
Dropbox (HKU\S-1-5-21-1549066735-246946951-1000381425-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Druckerdeinstallation für EPSON PX650 Series (HKLM\...\EPSON PX650 Series) (Version:  - SEIKO EPSON Corporation)
Druckerdeinstallation für EPSON PX720WD Series (HKLM\...\EPSON PX720WD Series) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{310C1558-F6B5-4889-98B0-7471966BA7F2}) (Version: 2.2.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON PX720WD Series Handbuch (HKLM-x32\...\EPSON PX720WD Series Manual) (Version:  - )
EPSON PX720WD Series Netzwerk-Handbuch (HKLM-x32\...\EPSON PX720WD Series Network Guide) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3a - SEIKO EPSON CORPORATION)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Fotosizer 2.09 (HKLM-x32\...\Fotosizer) (Version: 2.09.0.548 - Fotosizer.com)
FRITZ!Powerline (HKLM-x32\...\{F88975C1-C182-4A51-BEDE-E333AB89F5D4}) (Version: 01.00.57 - AVM Berlin)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1549066735-246946951-1000381425-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA Grafiktreiber 268.29 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.29 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{46889070-D447-4936-A5D3-246DB972FA2E}) (Version: 2.0.6.16537 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.9.3 - pdfforge)
pdfforge Toolbar v9.3 (HKLM-x32\...\{BF5A8895-5DF8-42F0-80DC-50DD1AA2DD23}) (Version: 9.3 - Spigot, Inc.) <==== ATTENTION
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
RedEye (remove only) (HKLM-x32\...\RedEye) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
UnderCoverXP 1.23 (HKLM-x32\...\UnderCoverXP_is1) (Version:  - Wicked & Wild Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
XMind (HKLM-x32\...\XMind) (Version: 3.2.1 - XMind Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

13-01-2015 12:08:42 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
13-01-2015 12:11:49 Windows Update
13-01-2015 16:05:12 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
13-01-2015 19:04:41 Removed ASUS Update
13-01-2015 19:06:26 Removed EPU
13-01-2015 19:06:49 Removed MyLogo
13-01-2015 19:07:45 Removed Probe II
13-01-2015 19:08:58 Removed System Information
13-01-2015 19:11:22 Removed AI Suite II
14-01-2015 16:24:30 Windows Update
16-01-2015 12:49:28 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
16-01-2015 13:14:22 Avira Free Antivirus - 16.01.2015 13:14
16-01-2015 15:45:31 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
16-01-2015 15:46:14 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
16-01-2015 15:58:25 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
16-01-2015 15:58:25 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-01-16 16:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14903D84-2018-435C-BEDC-7CA1B5017CC1} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\\AsBackupWizard\\AsRunBkWizardHelper.exe [2010-04-24] (ASUSTeK Computer Inc.)
Task: {68BEAC8E-8E5C-4330-AF6E-D3C15763FDA0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7D3CF61D-8BD9-4059-BDA2-8E910F3F9C7C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {A9A67696-4FF4-4FFC-8F79-E8551A5117A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17] (Google Inc.)
Task: {AD7C2B34-C313-4443-933B-3C0D276E38CD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {BB83ADBC-3D3C-4885-81C4-4FA9385E14D2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BC264CD8-9BFE-4AA0-BB89-C22E62C61475} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {EF5F1B00-4526-447E-925B-0CEA5079ADCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-05-06 23:25 - 2010-11-03 10:30 - 00918144 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
2011-05-06 23:25 - 2010-12-02 03:15 - 00915584 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
2011-05-06 23:25 - 2010-10-21 10:52 - 00586880 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
2014-12-05 11:15 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-11 11:41 - 2014-07-11 11:41 - 00709120 _____ () C:\Program Files\004\rqpbhevlkc64.exe
2014-02-25 02:28 - 2014-02-25 02:28 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-05-06 23:25 - 2015-01-16 15:54 - 00019456 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\PEbiosinterface32.dll
2011-05-06 23:25 - 2010-06-29 03:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\ATKEX.dll
2014-12-09 11:12 - 2014-12-09 11:12 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1549066735-246946951-1000381425-500 - Administrator - Disabled)
Gast (S-1-5-21-1549066735-246946951-1000381425-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1549066735-246946951-1000381425-1002 - Limited - Enabled)
mero (S-1-5-21-1549066735-246946951-1000381425-1000 - Administrator - Enabled) => C:\Users\mero
Tix (S-1-5-21-1549066735-246946951-1000381425-1003 - Limited - Enabled) => C:\Users\Tix

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 03:55:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 03:55:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SearchSettings.exe, Version: 9.3.0.4, Zeitstempel: 0x538348fa
Name des fehlerhaften Moduls: SearchSettings.exe, Version: 9.3.0.4, Zeitstempel: 0x538348fa
Ausnahmecode: 0x40000015
Fehleroffset: 0x000a341d
ID des fehlerhaften Prozesses: 0x1284
Startzeit der fehlerhaften Anwendung: 0xSearchSettings.exe0
Pfad der fehlerhaften Anwendung: SearchSettings.exe1
Pfad des fehlerhaften Moduls: SearchSettings.exe2
Berichtskennung: SearchSettings.exe3

Error: (01/16/2015 03:50:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm setup.exe, Version 14.0.7.462 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1904

Startzeit: 01d0319b4ff5dfcd

Endzeit: 1

Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe

Berichts-ID:

Error: (01/16/2015 03:43:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SearchSettings.exe, Version: 9.3.0.4, Zeitstempel: 0x538348fa
Name des fehlerhaften Moduls: SearchSettings.exe, Version: 9.3.0.4, Zeitstempel: 0x538348fa
Ausnahmecode: 0x40000015
Fehleroffset: 0x000a341d
ID des fehlerhaften Prozesses: 0xf00
Startzeit der fehlerhaften Anwendung: 0xSearchSettings.exe0
Pfad der fehlerhaften Anwendung: SearchSettings.exe1
Pfad des fehlerhaften Moduls: SearchSettings.exe2
Berichtskennung: SearchSettings.exe3

Error: (01/16/2015 03:43:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 00:52:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SearchSettings.exe, Version: 9.3.0.4, Zeitstempel: 0x538348fa
Name des fehlerhaften Moduls: SearchSettings.exe, Version: 9.3.0.4, Zeitstempel: 0x538348fa
Ausnahmecode: 0x40000015
Fehleroffset: 0x000a341d
ID des fehlerhaften Prozesses: 0x1170
Startzeit der fehlerhaften Anwendung: 0xSearchSettings.exe0
Pfad der fehlerhaften Anwendung: SearchSettings.exe1
Pfad des fehlerhaften Moduls: SearchSettings.exe2
Berichtskennung: SearchSettings.exe3

Error: (01/16/2015 00:47:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2015 00:22:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SearchSettings.exe, Version: 9.3.0.4, Zeitstempel: 0x538348fa
Name des fehlerhaften Moduls: SearchSettings.exe, Version: 9.3.0.4, Zeitstempel: 0x538348fa
Ausnahmecode: 0x40000015
Fehleroffset: 0x000a341d
ID des fehlerhaften Prozesses: 0xee4
Startzeit der fehlerhaften Anwendung: 0xSearchSettings.exe0
Pfad der fehlerhaften Anwendung: SearchSettings.exe1
Pfad des fehlerhaften Moduls: SearchSettings.exe2
Berichtskennung: SearchSettings.exe3

Error: (01/15/2015 00:19:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 09:53:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/16/2015 04:12:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/16/2015 04:10:34 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (01/16/2015 04:07:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/16/2015 03:59:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Compatibility Verify" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/16/2015 03:55:32 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 03:43:13 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 03:28:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Compatibility Verify" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/16/2015 00:47:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/15/2015 00:19:34 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/14/2015 09:53:50 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (01/16/2015 03:55:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 03:55:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchSettings.exe9.3.0.4538348faSearchSettings.exe9.3.0.4538348fa40000015000a341d128401d0319c7542b521C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exeC:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exec00cbd23-9d8f-11e4-bc16-be264770d626

Error: (01/16/2015 03:50:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: setup.exe14.0.7.462190401d0319b4ff5dfcd1C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe

Error: (01/16/2015 03:43:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchSettings.exe9.3.0.4538348faSearchSettings.exe9.3.0.4538348fa40000015000a341df0001d0319ac06a7ee4C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exeC:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe10e1596f-9d8e-11e4-8bca-87a2d7ef2222

Error: (01/16/2015 03:43:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 00:52:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchSettings.exe9.3.0.4538348faSearchSettings.exe9.3.0.4538348fa40000015000a341d117001d031821d83b951C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exeC:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe208477dd-9d76-11e4-9470-a4e34dd07e23

Error: (01/16/2015 00:47:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2015 00:22:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchSettings.exe9.3.0.4538348faSearchSettings.exe9.3.0.4538348fa40000015000a341dee401d030b548a712dcC:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exeC:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.execcbca415-9ca8-11e4-b959-a197912d7822

Error: (01/15/2015 00:19:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 09:53:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-01-16 16:10:34.689
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-16 16:10:34.611
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 37%
Total physical RAM: 6126.29 MB
Available physical RAM: 3837.43 MB
Total Pagefile: 12250.77 MB
Available Pagefile: 10002.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:372.6 GB) (Free:136.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:544.72 GB) (Free:544.62 GB) NTFS
Drive g: () (Removable) (Total:7.47 GB) (Free:0.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CB5BD2B2)
Partition 1: (Not Active) - (Size=14.2 GB) - (Type=1B)
Partition 2: (Active) - (Size=372.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=544.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Warlord711 16.01.2015 19:23
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    pdfforge Toolbar v9.3
    Java(TM) 6 Update 29

  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

mero4711 19.01.2015 10:38
Code:
# AdwCleaner v4.108 - Bericht erstellt am 19/01/2015 um 09:45:59
# Aktualisiert 17/01/2015 von Xplode
# Database : 2015-01-18.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : mero - MERO-PC
# Gestartet von : C:\Users\mero\Downloads\AdwCleaner_4.108.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : netfilter64
Dienst Gelöscht : rqpbhevlkc64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Program Files\004
Ordner Gelöscht : C:\Program Files\coupon downloader
Ordner Gelöscht : C:\Program Files\CouponDownloader
Ordner Gelöscht : C:\Users\mero\AppData\Roaming\1H1Q
Ordner Gelöscht : C:\Users\mero\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\mero\AppData\Roaming\Systweak
[!] Ordner Gelöscht : C:\Users\mero\AppData\Roaming\Compatibility Verifier
Ordner Gelöscht : C:\Users\Tix\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Tix\AppData\LocalLow\Search Settings
[!] Ordner Gelöscht : C:\Users\Tix\AppData\Roaming\Mozilla\Firefox\Profiles\qxxpm8og.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
Ordner Gelöscht : C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\Extensions\faststartff@gmail.com
Datei Gelöscht : C:\Windows\System32\drivers\netfilter64.sys
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Tix\AppData\Roaming\Mozilla\Firefox\Profiles\qxxpm8og.default\searchplugins\11-suche.xml

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SupHpUISoft
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\CouponDownloader
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 de)

[69uv4zk8.default-1382554676965\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[69uv4zk8.default-1382554676965\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[69uv4zk8.default-1382554676965\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[qxxpm8og.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");

-\\ Google Chrome v39.0.2171.99


*************************

AdwCleaner[R0].txt - [5533 octets] - [19/01/2015 09:41:45]
AdwCleaner[S0].txt - [5193 octets] - [19/01/2015 09:45:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5253 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by mero on 19.01.2015 at 10:04:28,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{00CF7780-D622-4859-815D-5A934A41CB34}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{04F8DA4D-C244-4997-BCF3-4A70D136B52E}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{0B5CB897-05DF-4B43-A558-A497BFA6E988}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{1B8CA4F8-43C6-4DCF-A945-D7041B07FC88}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{35768FA3-0E7E-43BC-AF9F-5B0E17985F6C}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{423C8DAD-9255-45F4-9015-633480E864C5}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{4535D201-39BB-45F4-B9D8-9E491F94AD12}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{67BEB48F-CF25-4E5A-96F4-567F2F03A0F7}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{6CB11529-266E-442D-823C-5F8FE488ACE0}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{806193AA-AD71-4527-BE4D-BA3CAAA33605}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{85A3C531-63BF-4BC0-92C3-881D87668FA2}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{89E3EDD4-5181-4E0B-B071-8EA0DB4E7735}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{9ABEC764-0FAA-48D8-A9CC-66603C39A44E}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{9B073414-D4BD-487B-9218-D0A203EC157D}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{A03C5681-5FF3-4A85-9381-2D07FA4889F9}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{AD95C538-C2EF-47B3-8FF5-D401E35EE182}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{B8F7F174-6642-4E10-B84D-5024459C7BF4}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{BC509931-2E14-4CF0-B05B-421F33976971}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{C39938D9-3F72-4C3D-9E3D-AFD5A17B355F}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{EA03E07E-732D-4BDE-880D-F1B5D39AD4DE}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{EC4EF619-4D4C-4937-8D70-0B3E3A3B9F80}
Successfully deleted: [Empty Folder] C:\Users\mero\appdata\local\{FC9995A5-6776-4405-9B9D-077B66764ED9}



~~~ FireFox

Emptied folder: C:\Users\mero\AppData\Roaming\mozilla\firefox\profiles\69uv4zk8.default-1382554676965\minidumps [21 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.01.2015 at 10:06:29,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 19.01.2015
Suchlauf-Zeit: 10:10:35
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.19.06
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: mero

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 402624
Verstrichene Zeit: 7 Min, 1 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 3
PUP.Optional.CompatibilityVerifier.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Verifies and fixes application compatibility issues, In Quarantäne, [20220fea1178191da06194df18eb9a66],
PUP.Optional.CouponDownloader.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Coupon Downloader, In Quarantäne, [df6320d9b6d366d0f802940d8c77ce32],
PUP.Optional.Spigot.A, HKU\S-1-5-21-1549066735-246946951-1000381425-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, In Quarantäne, [51f1d623d0b90432b811e409689cee12],

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 2
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier, In Quarantäne, [7cc64eab6c1df04614ebf87a31d228d8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\locales, In Quarantäne, [7cc64eab6c1df04614ebf87a31d228d8],

Dateien: 15
Trojan.Downloader, C:\Windows\Temp\db23.exe, In Quarantäne, [241e7b7e12779a9c4f5a9578d62c34cc],
PUP.Optional.OpenCandy, C:\Users\mero\Downloads\doubleTwist314Setup.exe, In Quarantäne, [410107f2771241f5bd5f358c18ed51af],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef.pak, In Quarantäne, [7cc64eab6c1df04614ebf87a31d228d8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, In Quarantäne, [7cc64eab6c1df04614ebf87a31d228d8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, In Quarantäne, [7cc64eab6c1df04614ebf87a31d228d8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, In Quarantäne, [7cc64eab6c1df04614ebf87a31d228d8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, In Quarantäne, [7cc64eab6c1df04614ebf87a31d228d8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, In Quarantäne, [7cc64eab6c1df04614ebf87a31d228d8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\debug.log, In Quarantäne, [7cc64eab6c1df04614ebf87a31d228d8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, In Quarantäne, [7cc64eab6c1df04614ebf87a31d228d8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\icudtl.dat, In Quarantäne, [7cc64eab6c1df04614ebf87a31d228d8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, In Quarantäne, [7cc64eab6c1df04614ebf87a31d228d8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, In Quarantäne, [7cc64eab6c1df04614ebf87a31d228d8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, In Quarantäne, [7cc64eab6c1df04614ebf87a31d228d8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, In Quarantäne, [7cc64eab6c1df04614ebf87a31d228d8],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by mero (administrator) on MERO-PC on 19-01-2015 10:36:55
Running from C:\Users\mero\Downloads
Loaded Profiles: mero (Available profiles: mero & Tix)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsHookDevice.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Users\mero\AppData\Local\Amazon Music\Amazon Music Helper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\mero\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RunAIShell] => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKU\S-1-5-21-1549066735-246946951-1000381425-1000\...\Run: [Amazon Music] => C:\Users\mero\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\mero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\mero\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1549066735-246946951-1000381425-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1549066735-246946951-1000381425-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1549066735-246946951-1000381425-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1549066735-246946951-1000381425-1000 -> {EBC79BE0-4FFF-4681-A0CF-1779313B8125} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: PodcastBHO Class -> {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} -> C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-1549066735-246946951-1000381425-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-1549066735-246946951-1000381425-1000: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF SearchPlugin: C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\searchplugins\google-maps.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\Extensions\2020Player_IKEA@2020Technologies.com [2014-09-03]
FF Extension: Cliqz Beta - C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\Extensions\cliqz@cliqz.com.xpi [2014-09-05]
FF Extension: PAYBACK Internet Assistent fuer Firefox - C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\Extensions\toolbar-ff@payback.de.xpi [2014-12-01]
FF HKU\S-1-5-21-1549066735-246946951-1000381425-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1549066735-246946951-1000381425-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\mero\AppData\Roaming\Mozilla\Firefox\Profiles\69uv4zk8.default-1382554676965\extensions\cliqz@cliqz.com

Chrome:
=======
CHR Profile: C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-23]
CHR Extension: (Google Docs) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-23]
CHR Extension: (Google Drive) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-01]
CHR Extension: (YouTube) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-23]
CHR Extension: (Google-Suche) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-23]
CHR Extension: (Google Tabellen) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-23]
CHR Extension: (Avira Browserschutz) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-23]
CHR Extension: (Google Mail) - C:\Users\mero\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S2 AVMPowerlineService; C:\Program Files (x86)\FRITZ!Powerline\PowerlineService.exe [126976 2013-11-27] (AVM GmbH) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-15] (Hewlett-Packard) [File not signed]
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-15] (Hewlett-Packard) [File not signed]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-02-25] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [36448 2011-01-30] (Asmedia Technology)
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)
R3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 10:36 - 2015-01-19 10:36 - 00000000 ____D () C:\Users\mero\Downloads\FRST-OlderVersion
2015-01-19 10:35 - 2015-01-19 10:35 - 00004341 _____ () C:\Users\mero\Desktop\mbam.txt
2015-01-19 10:09 - 2015-01-19 10:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-19 10:08 - 2015-01-19 10:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\mero\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-19 10:08 - 2015-01-19 10:08 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-19 10:08 - 2015-01-19 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-19 10:08 - 2015-01-19 10:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-19 10:08 - 2015-01-19 10:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-19 10:08 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-19 10:08 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-19 10:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-19 10:06 - 2015-01-19 10:06 - 00003081 _____ () C:\Users\mero\Desktop\JRT.txt
2015-01-19 10:04 - 2015-01-19 10:04 - 00000000 ____D () C:\Windows\ERUNT
2015-01-19 10:03 - 2015-01-19 10:03 - 01707939 _____ (Thisisu) C:\Users\mero\Downloads\JRT.exe
2015-01-19 09:39 - 2015-01-19 09:46 - 00000000 ____D () C:\AdwCleaner
2015-01-19 09:33 - 2015-01-19 09:33 - 02186752 _____ () C:\Users\mero\Downloads\AdwCleaner_4.108.exe
2015-01-19 09:13 - 2015-01-19 09:13 - 00001268 _____ () C:\Users\mero\Desktop\Revo Uninstaller.lnk
2015-01-19 09:13 - 2015-01-19 09:13 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-19 09:11 - 2015-01-19 09:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\mero\Downloads\revosetup95.exe
2015-01-18 03:33 - 2015-01-18 03:33 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-18 03:33 - 2015-01-18 03:33 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-16 16:14 - 2015-01-16 16:14 - 00032581 _____ () C:\ComboFix.txt
2015-01-16 15:32 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-16 15:32 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-16 15:32 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-16 15:32 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-16 15:32 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-16 15:32 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-16 15:32 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-16 15:32 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-16 15:28 - 2015-01-16 16:14 - 00000000 ____D () C:\Qoobox
2015-01-16 15:28 - 2015-01-16 16:13 - 00000000 ____D () C:\Windows\erdnt
2015-01-16 15:27 - 2015-01-16 15:28 - 05609736 ____R (Swearware) C:\Users\mero\Downloads\ComboFix.exe
2015-01-16 14:05 - 2015-01-16 16:23 - 00034902 _____ () C:\Users\mero\Downloads\Addition.txt
2015-01-16 14:01 - 2015-01-19 10:37 - 00020350 _____ () C:\Users\mero\Downloads\FRST.txt
2015-01-16 14:01 - 2015-01-19 10:36 - 00000000 ____D () C:\FRST
2015-01-16 14:00 - 2015-01-19 10:36 - 02126848 _____ (Farbar) C:\Users\mero\Downloads\FRST64.exe
2015-01-14 06:02 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 06:02 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 06:02 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 06:02 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 06:02 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 06:02 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 06:02 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 06:02 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 06:02 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 06:02 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 06:02 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 06:02 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 06:02 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 15:31 - 2015-01-13 16:02 - 00003064 _____ () C:\Windows\system32\TmInstall.log
2015-01-13 15:31 - 2015-01-13 15:31 - 00004280 _____ () C:\Windows\SysWOW64\TmInstall.log
2015-01-13 15:21 - 2015-01-13 15:22 - 154051656 _____ () C:\Users\mero\Downloads\avira_free_antivirus468_de.exe
2015-01-13 12:11 - 2015-01-19 09:32 - 00000112 _____ () C:\ProgramData\OeSOSc67S.dat
2015-01-08 08:25 - 2015-01-16 15:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-08 08:24 - 2015-01-19 09:48 - 00000000 ____D () C:\Users\mero\AppData\Roaming\Compatibility Verifier
2015-01-08 07:51 - 2015-01-08 07:52 - 01054912 _____ (Adobe) C:\Users\mero\Downloads\install_flashplayer16x32au_mssa_aaa_aih.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 10:35 - 2014-12-09 11:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-19 10:31 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 10:31 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 10:28 - 2011-11-20 23:39 - 01709132 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 10:25 - 2014-02-26 22:54 - 00000000 ___RD () C:\Users\mero\Dropbox
2015-01-19 10:25 - 2014-02-26 22:52 - 00000000 ____D () C:\Users\mero\AppData\Roaming\Dropbox
2015-01-19 10:25 - 2012-10-17 10:02 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 10:24 - 2012-07-18 10:45 - 00000000 ____D () C:\Windows\de
2015-01-19 10:24 - 2010-11-21 04:47 - 00676446 _____ () C:\Windows\PFRO.log
2015-01-19 10:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 10:24 - 2009-07-14 05:51 - 00097685 _____ () C:\Windows\setupact.log
2015-01-19 10:12 - 2012-03-29 17:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 10:07 - 2012-10-17 10:02 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 09:29 - 2014-10-23 07:19 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-16 16:14 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-16 16:12 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-16 12:45 - 2012-05-27 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-15 15:32 - 2014-12-19 14:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-14 15:12 - 2012-03-29 17:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 15:12 - 2012-03-29 17:21 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 15:12 - 2011-11-21 00:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 19:12 - 2011-05-06 23:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-13 19:11 - 2011-05-06 23:25 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2015-01-13 19:11 - 2011-05-06 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-01-13 15:58 - 2014-07-11 11:42 - 00000000 ____D () C:\Program Files\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E
2015-01-13 15:58 - 2014-07-11 11:42 - 00000000 ____D () C:\Program Files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E
2015-01-13 15:30 - 2011-05-06 23:41 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-01-08 07:58 - 2011-11-23 11:55 - 00000000 ____D () C:\Users\mero\AppData\Local\Adobe
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 11:46 - 2011-12-06 11:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-30 11:45 - 2014-12-05 11:15 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-22 16:11 - 2011-11-21 00:11 - 00000000 ____D () C:\Users\mero\AppData\Local\Thunderbird

==================== Files in the root of some directories =======
2015-01-13 12:11 - 2015-01-19 09:32 - 0000112 _____ () C:\ProgramData\OeSOSc67S.dat

Files to move or delete:
====================
C:\ProgramData\OeSOSc67S.dat


Some content of TEMP:
====================
C:\Users\mero\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjnmdaa.dll
C:\Users\mero\AppData\Local\Temp\Quarantine.exe
C:\Users\mero\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 00:32

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by mero at 2015-01-19 10:37:17
Running from C:\Users\mero\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.09.06 - ASUSTeK Computer Inc.)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.0.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.1.9.000 - Asmedia Technology)
ASUS Backup Wizard (HKLM-x32\...\{124C9BD0-8C52-40AB-8238-0605703B1C28}) (Version: 1.00.10 - ASUSTeK Computer Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.628 - ASUSTEK)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.02 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
doubleTwist (HKLM-x32\...\doubleTwist) (Version: 3.2.0.11764 - doubleTwist Corporation)
Dropbox (HKU\S-1-5-21-1549066735-246946951-1000381425-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Druckerdeinstallation für EPSON PX650 Series (HKLM\...\EPSON PX650 Series) (Version:  - SEIKO EPSON Corporation)
Druckerdeinstallation für EPSON PX720WD Series (HKLM\...\EPSON PX720WD Series) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{310C1558-F6B5-4889-98B0-7471966BA7F2}) (Version: 2.2.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON PX720WD Series Handbuch (HKLM-x32\...\EPSON PX720WD Series Manual) (Version:  - )
EPSON PX720WD Series Netzwerk-Handbuch (HKLM-x32\...\EPSON PX720WD Series Network Guide) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3a - SEIKO EPSON CORPORATION)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Fotosizer 2.09 (HKLM-x32\...\Fotosizer) (Version: 2.09.0.548 - Fotosizer.com)
FRITZ!Powerline (HKLM-x32\...\{F88975C1-C182-4A51-BEDE-E333AB89F5D4}) (Version: 01.00.57 - AVM Berlin)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1549066735-246946951-1000381425-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA Grafiktreiber 268.29 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.29 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{46889070-D447-4936-A5D3-246DB972FA2E}) (Version: 2.0.6.16537 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.9.3 - pdfforge)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
RedEye (remove only) (HKLM-x32\...\RedEye) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
UnderCoverXP 1.23 (HKLM-x32\...\UnderCoverXP_is1) (Version:  - Wicked & Wild Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
XMind (HKLM-x32\...\XMind) (Version: 3.2.1 - XMind Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\mero\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1549066735-246946951-1000381425-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mero\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

13-01-2015 19:04:41 Removed ASUS Update
13-01-2015 19:06:26 Removed EPU
13-01-2015 19:06:49 Removed MyLogo
13-01-2015 19:07:45 Removed Probe II
13-01-2015 19:08:58 Removed System Information
13-01-2015 19:11:22 Removed AI Suite II
14-01-2015 16:24:30 Windows Update
16-01-2015 12:49:28 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
16-01-2015 13:14:22 Avira Free Antivirus - 16.01.2015 13:14
16-01-2015 15:45:31 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
16-01-2015 15:46:14 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
16-01-2015 15:58:25 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
16-01-2015 15:58:25 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
18-01-2015 03:31:08 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
18-01-2015 03:38:05 Windows Update
19-01-2015 09:03:32 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
19-01-2015 09:19:43 Revo Uninstaller's restore point - pdfforge Toolbar v9.3
19-01-2015 09:22:36 Removed pdfforge Toolbar v9.3.
19-01-2015 09:25:09 Revo Uninstaller's restore point - Java(TM) 6 Update 29
19-01-2015 09:26:45 Removed Java(TM) 6 Update 29

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-01-16 16:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14903D84-2018-435C-BEDC-7CA1B5017CC1} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\\AsBackupWizard\\AsRunBkWizardHelper.exe [2010-04-24] (ASUSTeK Computer Inc.)
Task: {68BEAC8E-8E5C-4330-AF6E-D3C15763FDA0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7D3CF61D-8BD9-4059-BDA2-8E910F3F9C7C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {A9A67696-4FF4-4FFC-8F79-E8551A5117A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17] (Google Inc.)
Task: {AD7C2B34-C313-4443-933B-3C0D276E38CD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {BB83ADBC-3D3C-4885-81C4-4FA9385E14D2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BC264CD8-9BFE-4AA0-BB89-C22E62C61475} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {EF5F1B00-4526-447E-925B-0CEA5079ADCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-05-06 23:25 - 2010-11-03 10:30 - 00918144 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
2011-05-06 23:25 - 2010-12-02 03:15 - 00915584 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
2011-05-06 23:25 - 2010-10-21 10:52 - 00586880 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
2014-12-05 11:15 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-02-25 02:28 - 2014-02-25 02:28 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2014-09-15 10:26 - 2014-10-15 06:35 - 06281024 _____ () C:\Users\mero\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-05-06 23:25 - 2015-01-19 10:24 - 00019456 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\PEbiosinterface32.dll
2011-05-06 23:25 - 2010-06-29 03:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\ATKEX.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\mero\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-19 10:25 - 2015-01-19 10:25 - 00043008 _____ () c:\users\mero\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjnmdaa.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\mero\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\mero\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\mero\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-09 11:12 - 2014-12-09 11:12 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1549066735-246946951-1000381425-500 - Administrator - Disabled)
Gast (S-1-5-21-1549066735-246946951-1000381425-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1549066735-246946951-1000381425-1002 - Limited - Enabled)
mero (S-1-5-21-1549066735-246946951-1000381425-1000 - Administrator - Enabled) => C:\Users\mero
Tix (S-1-5-21-1549066735-246946951-1000381425-1003 - Limited - Enabled) => C:\Users\Tix

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2015 10:25:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/19/2015 10:25:33 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/19/2015 10:24:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Server" wurde mit folgendem Fehler beendet:
%%14

Error: (01/19/2015 10:24:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AVM FRITZ!Powerline Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/19/2015 10:24:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AVM FRITZ!Powerline Service erreicht.


Microsoft Office Sessions:
=========================
Error: (01/19/2015 10:25:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-01-16 16:10:34.689
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-16 16:10:34.611
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 34%
Total physical RAM: 6126.29 MB
Available physical RAM: 4015.21 MB
Total Pagefile: 12250.77 MB
Available Pagefile: 9842.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:372.6 GB) (Free:136.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:544.72 GB) (Free:544.62 GB) NTFS
Drive g: () (Removable) (Total:7.47 GB) (Free:0.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CB5BD2B2)
Partition 1: (Not Active) - (Size=14.2 GB) - (Type=1B)
Partition 2: (Active) - (Size=372.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=544.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Warlord711 19.01.2015 11:27
Ok, sieht schon gut aus.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


mero4711 19.01.2015 12:03
FRST meldet mir immer no fixlist found

Warlord711 19.01.2015 13:49
Wahrscheinlich falsch abgespeichert, geht aber eh nur ums Löschen von temporären Dateien, also den Fixlist+FRST hierdurch ersetzen:

Temp File Cleaner
  • Lade dir bitte den Temp File Cleaner ( by OldTimer ) hier herunter.
  • Starte TFC.exe als Administrator und wähle START.
  • Ggf. wirst du zu einem Neustart aufgefordert.

mero4711 19.01.2015 16:45
Code:
Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 16.0.0.257 
 Mozilla Firefox (35.0)
 Mozilla Thunderbird (31.4.0)
 Google Chrome (39.0.2171.95)
 Google Chrome (39.0.2171.99)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=0fee5872fce3ae4dae40c0992aeacea1
# engine=22037
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-19 02:59:30
# local_time=2015-01-19 03:59:30 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 3819 173309420 0 0
# scanned=255339
# found=16
# cleaned=16
# scan_time=3494
sh=B98C851D46F6F34607DEC601FF82469DA350D9EC ft=1 fh=95a049650cc65f75 vn="Variante von Win64/Adware.Adpeak.C Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\004\rqpbhevlkc64.exe.vir"
sh=977B60DEF45F24048D040ECDCAA65BB332C6B449 ft=1 fh=164dad5fc31d40af vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\mero\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe.vir"
sh=2C8981A59216CCB644BE5FBC92DBB7F8F0188F99 ft=1 fh=6aad921543298e71 vn="Variante von Win32/AdSuproot.A Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\mero\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe.vir"
sh=D95DA6EB1B41CE144BC78AA7EF8FDBA782692156 ft=1 fh=038f0e9c2aa6fcd9 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\mero\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll.vir"
sh=6FAC18F40A0B9D8591E636CB3B40208DE00A527D ft=1 fh=f4fb7f62c46286d7 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\mero\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll.vir"
sh=2E6E4C2FDF55F1E6CB989861ABC276BF28DE1F0C ft=1 fh=ab455342bbbbf6b6 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\mero\AppData\Roaming\Compatibility Verifier\libEGL.dll.vir"
sh=A759EFBF880BDF0268F7ACA91E5C7CFA184EC6BA ft=1 fh=8b9d0fa7f7d4506b vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\mero\AppData\Roaming\Compatibility Verifier\libGLESv2.dll.vir"
sh=560236056E7C0D6603562B7296CBA8EDA6B081D5 ft=1 fh=27394455615c306e vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\mero\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll.vir"
sh=1051181D6A4E6B06FF83BFD5BAD844647E2B6450 ft=1 fh=a1ff9876a0d9750c vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=8B67C4946B050285FE89EFE36AB6DC2F7B3E2D2F ft=1 fh=d91722da20002316 vn="Variante von Win64/Riskware.NetFilter.F Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir"
sh=B4245F63C6CA98F9F162674C2D5E5E6DE2EA5249 ft=1 fh=7c81c5e0e10aea42 vn="Win32/Systweak.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\mero\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=C2612AA1AEFEBE9B4C7D9FCF040D4F0721E3C142 ft=1 fh=218e820efb3653cd vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mero\Downloads\7 Zip 32 Bit - CHIP-Installer.exe"
sh=6CF8A9F031B45F70BE3E66E7ACC7449CDA15FA34 ft=1 fh=2de4b6f517306153 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mero\Downloads\PDFCreator-1_2_3_setup.exe"
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mero\Downloads\PDFCreator-1_7_3_setup.exe"
sh=47DA0A4A23B5F6FA4C8DD6BD9B6055691E4339EB ft=1 fh=2ec24482c96e1f8f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mero\Downloads\PDFCreator-1_9_3-setup.exe"
sh=A0A92E6410267F66CE01A3903E586B66BA906223 ft=1 fh=134bdcaa859dee44 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mero\Downloads\UnderCoverXP - CHIP-Installer.exe"

Warlord711 20.01.2015 08:48
Ok, der letzte Scan hat nur noch die Quarantäne der vorherigen Tools gefunden und ein paar Installer mit Adware von Chip+Co.

Zitat:
AntiVir hat Virus db22.exe festgellt. Der Rechner arbeitet nur noch sehr langsam. Zwischendurch werden unkontrolliert Musik und Audiobeiträge gespielt. Internet Ladezeiten sind extrem lang.
Tritt davon noch irgend etwas auf ?

Ansonsten sind die Logs nämlich sauber und du bist fertig :party:

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.

Ändere regelmäßig alle deine Passwörter, jetzt, nach der Bereinigung ist ein idealer Zeitpunkt dafür
  • verwende für jede Anwendung und jeden Account ein anderes Passwort
  • ändere regelmäßig dein Passwort, vor allem bei Onlinebanking oder deinem Emailpostfach ist dieses sehr wichtig
  • speichere keine Passwörter auf deinem PC, gib diese nicht an dritte weiter
  • ein sicheres Passwort besteht aus mindestens 8 Zeichen und beinhaltet Groß- und Kleinbuchstaben, Zahlen und Sonderzeichen
  • benutze keine Zahlen- oder Buchstabenkombinationen, ( zB 12345678, qwertzui) auch keine Zahlen oder Buchstabenmuster
  • verwende keine Passwörter die einen Bezug zu dir, deinem Wohnort, Familienmitglied oder Haustier (Geburtsdatum, Postleitzahl, Adresse, Name) haben

Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7 / 8 : Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist!
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt auf den Desktop downloaden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • WOT (Web of trust)
    Dieses AddOn warnt dich, bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

mero4711 26.01.2015 08:00
Vielen Dank für die super Hilfe! Rechner läuft wieder prima!


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:47 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131