Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Pop ups lassen sich nicht löschen! (https://www.trojaner-board.de/163389-pop-ups-lassen-loeschen.html)

Duplo15 30.01.2015 18:13
Pop ups lassen sich nicht löschen!
 
Hallo
Habe von Chip.de einige Programme geladen. Seitdem habe ich Pop-ups, die sich ständig in Vordergrund schieben und sich nicht löschen lassen.
Was kann ich tun.

Mit freundlichen Grüssen
Duplo15

schrauber 30.01.2015 18:26
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Duplo15 31.01.2015 10:50
Hi Schrauber
Den Scan habe ich durchgeführt.
Wie poste ich die Log Files, bzw. was hat es mit dem # Zeichen auf sich?

Gruß Duplo15

Hi Schrauber
Den Scan habe ich durchgeführt.
Wie poste ich die Log Files, bzw. was hat es mit dem # Zeichen auf sich?

Gruß Duplo15

schrauber 31.01.2015 15:52
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Duplo15 31.01.2015 18:34

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01
Ran by AGANDO (administrator) on AGANDO-PC on 31-01-2015 18:19:38
Running from C:\Users\AGANDO\Downloads
Loaded Profiles: AGANDO (Available profiles: AGANDO)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lollipop Network SL) C:\Program Files (x86)\4HD\updater.exe
() C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
( ) C:\Windows\System32\lxbvcoms.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(sw4you) C:\Program Files (x86)\Hardcopy\hardcopy.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Lollipop Network SL) C:\Program Files (x86)\4HD\4hd.exe
(Dropbox, Inc.) C:\Users\AGANDO\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [4hd] => C:\Program Files (x86)\4HD\4hd.exe [702960 2014-10-22] (Lollipop Network SL)
HKU\S-1-5-21-4230170062-206650724-3253433267-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4230170062-206650724-3253433267-1000\...\MountPoints2: {2631dca3-0ffa-11e4-a95b-94de80a669a6} - I:\LaunchU3.exe -a
Startup: C:\Users\AGANDO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\AGANDO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-4230170062-206650724-3253433267-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-4230170062-206650724-3253433267-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-4230170062-206650724-3253433267-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-4230170062-206650724-3253433267-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4230170062-206650724-3253433267-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\AGANDO\AppData\Roaming\Mozilla\Firefox\Profiles\zl9ojpxi.default-1422433099013
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchAxPlugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll ()
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-28]
FF HKU\S-1-5-21-4230170062-206650724-3253433267-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-4230170062-206650724-3253433267-1000\...\Firefox\Extensions: [SoundFrost@helper.com] - C:\Program Files (x86)\keepvid\SoundFrost.xpi

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 4hdupdater; C:\Program Files (x86)\4HD\updater.exe [376816 2014-10-22] (Lollipop Network SL)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2635552 2015-01-26] (IObit)
R2 lxbv_device; C:\Windows\system32\lxbvcoms.exe [566704 2007-04-25] ( )
R2 lxbv_device; C:\Windows\SysWOW64\lxbvcoms.exe [537520 2007-04-25] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-09] (Avira Operations GmbH & Co. KG)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 18:19 - 2015-01-31 18:19 - 00000000 ____D () C:\Users\AGANDO\Downloads\FRST-OlderVersion
2015-01-30 20:11 - 2015-01-30 20:12 - 00025137 _____ () C:\Users\AGANDO\Downloads\Addition.txt
2015-01-30 20:10 - 2015-01-31 18:19 - 00017882 _____ () C:\Users\AGANDO\Downloads\FRST.txt
2015-01-30 20:09 - 2015-01-31 18:19 - 02130944 _____ (Farbar) C:\Users\AGANDO\Downloads\FRST64.exe
2015-01-30 20:09 - 2015-01-31 18:19 - 00000000 ____D () C:\FRST
2015-01-28 09:18 - 2015-01-28 09:18 - 00000000 ____D () C:\Users\AGANDO\Desktop\Alte Firefox-Daten
2015-01-28 09:16 - 2015-01-28 09:16 - 00001697 _____ () C:\Users\AGANDO\Downloads\software_removal_tool.log
2015-01-28 09:13 - 2015-01-28 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 09:07 - 2015-01-28 09:07 - 02194432 _____ () C:\Users\AGANDO\Downloads\AdwCleaner_4.109(1).exe
2015-01-27 09:36 - 2015-01-28 09:10 - 00000000 ____D () C:\AdwCleaner
2015-01-27 09:36 - 2015-01-27 09:36 - 02194432 _____ () C:\Users\AGANDO\Downloads\adwcleaner_4.109.exe
2015-01-26 19:03 - 2015-01-26 19:03 - 00001532 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-01-26 19:03 - 2015-01-26 19:03 - 00001241 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-01-26 19:03 - 2015-01-26 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-26 19:03 - 2015-01-26 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-26 19:03 - 2015-01-26 19:03 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-01-26 19:03 - 2015-01-26 19:03 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-01-26 19:00 - 2015-01-28 20:21 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\DVDVideoSoft
2015-01-26 18:59 - 2015-01-26 18:59 - 03534792 _____ (DVDVideoSoft Ltd. ) C:\Users\AGANDO\Downloads\FreeYouTubeToMP3Converter.exe
2015-01-26 18:33 - 2015-01-27 09:43 - 00003598 _____ () C:\Windows\PFRO.log
2015-01-26 14:24 - 2015-01-26 14:24 - 00000000 ____D () C:\Program Files\Google
2015-01-26 14:23 - 2015-01-31 18:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 14:23 - 2015-01-31 12:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 14:23 - 2015-01-26 14:28 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-26 14:23 - 2015-01-26 14:28 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-26 14:23 - 2015-01-26 14:24 - 00000000 ____D () C:\ProgramData\Google
2015-01-26 14:23 - 2015-01-26 14:24 - 00000000 ____D () C:\ProgramData\Google
2015-01-26 14:23 - 2015-01-26 14:23 - 02243616 _____ (Google Inc.) C:\Users\AGANDO\Downloads\GoogleToolbarInstaller_en32_signed.exe
2015-01-26 12:32 - 2015-01-26 12:32 - 00000226 _____ () C:\Users\AGANDO\Desktop\Eric Clapton & Friends - Call Me The Breeze (Official Music Video) - YouTube.URL
2015-01-26 12:26 - 2015-01-26 12:26 - 00000226 _____ () C:\Users\AGANDO\Desktop\PENTATONIC SCALE PATTERNS LESSON #1 TUTORIAL - YouTube.URL
2015-01-26 11:35 - 2015-01-26 14:53 - 00116660 _____ () C:\Users\AGANDO\AppData\Local\sinder.txt
2015-01-26 11:35 - 2015-01-26 11:35 - 00000000 ____D () C:\Program Files (x86)\WiredTools
2015-01-26 11:35 - 2014-07-16 11:47 - 00004520 _____ () C:\Windows\SysWOW64\WiredTools.ini
2015-01-26 11:35 - 2014-07-16 11:47 - 00002352 _____ () C:\Windows\SysWOW64\WiredToolsOff.ini
2015-01-26 11:35 - 2014-07-04 22:53 - 00338992 _____ (WiredTools Ltd.) C:\Windows\system32\WiredTools64.dll
2015-01-26 11:35 - 2014-07-04 22:53 - 00296080 _____ (WiredTools Ltd.) C:\Windows\SysWOW64\WiredTools.dll
2015-01-26 11:34 - 2015-01-26 14:53 - 00124476 _____ () C:\Users\AGANDO\AppData\Local\viewer.txt
2015-01-26 11:30 - 2014-07-07 10:54 - 02599936 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\AGANDO\AppData\Local\QtCore4.dll
2015-01-26 11:30 - 2014-04-20 04:40 - 13108224 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\AGANDO\AppData\Local\QtWebKit4.dll
2015-01-26 11:30 - 2014-04-20 02:43 - 08587264 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\AGANDO\AppData\Local\QtGui4.dll
2015-01-26 11:30 - 2014-04-20 02:38 - 01053184 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\AGANDO\AppData\Local\QtNetwork4.dll
2015-01-26 11:30 - 2013-03-18 17:45 - 01122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\AGANDO\AppData\Local\libeay32.dll
2015-01-26 11:30 - 2013-03-18 17:45 - 00274432 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\AGANDO\AppData\Local\ssleay32.dll
2015-01-26 11:30 - 2011-06-11 00:58 - 00773968 _____ (Microsoft Corporation) C:\Users\AGANDO\AppData\Local\msvcr100.dll
2015-01-26 11:30 - 2011-06-11 00:58 - 00421200 _____ (Microsoft Corporation) C:\Users\AGANDO\AppData\Local\msvcp100.dll
2015-01-26 11:27 - 2015-01-26 11:27 - 00372568 _____ () C:\Users\AGANDO\Downloads\SoftonicDownloader_fuer_keepvid.exe
2015-01-26 10:29 - 2015-01-28 20:43 - 00002095 _____ () C:\Users\AGANDO\Downloads\mp3DirectCut.ini
2015-01-26 10:28 - 2015-01-26 10:28 - 00000716 _____ () C:\Users\AGANDO\Desktop\mp3DirectCut.lnk
2015-01-26 10:28 - 2015-01-26 10:28 - 00000000 ____D () C:\Users\AGANDO\Downloads\Languages
2015-01-26 10:28 - 2014-04-04 22:03 - 00004003 _____ () C:\Users\AGANDO\Downloads\Version.txt
2015-01-26 10:28 - 2014-04-04 20:42 - 00135200 _____ (Martin Pesch) C:\Users\AGANDO\Downloads\mp3DirectCut.exe
2015-01-26 10:28 - 2014-04-04 16:45 - 00029583 _____ () C:\Users\AGANDO\Downloads\Manual.htm
2015-01-26 10:28 - 2014-04-03 13:42 - 00001764 _____ () C:\Users\AGANDO\Downloads\License.txt
2015-01-26 10:28 - 2014-04-02 14:35 - 00016230 _____ () C:\Users\AGANDO\Downloads\FAQ.htm
2015-01-26 10:26 - 2015-01-26 10:26 - 00308709 _____ () C:\Users\AGANDO\Downloads\mp3DC220.exe
2015-01-26 10:18 - 2015-01-26 10:21 - 00000000 ____D () C:\ProgramData\iRinger
2015-01-26 10:18 - 2015-01-26 10:21 - 00000000 ____D () C:\ProgramData\iRinger
2015-01-26 10:18 - 2015-01-26 10:18 - 01191200 _____ () C:\Users\AGANDO\Downloads\iRinger - CHIP-Installer.exe
2015-01-26 09:59 - 2015-01-26 09:59 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-01-26 09:59 - 2015-01-26 09:59 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\Apple Computer
2015-01-26 09:59 - 2015-01-26 09:59 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-01-26 09:59 - 2015-01-26 09:59 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-01-26 09:58 - 2015-01-27 09:39 - 00002888 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_AGANDO
2015-01-26 09:58 - 2015-01-26 10:02 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-26 09:58 - 2015-01-26 09:59 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-26 09:58 - 2015-01-26 09:59 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-26 09:58 - 2015-01-26 09:59 - 00000000 ____D () C:\ProgramData\IObit
2015-01-26 09:58 - 2015-01-26 09:59 - 00000000 ____D () C:\ProgramData\IObit
2015-01-26 09:58 - 2015-01-26 09:58 - 00001252 _____ () C:\Users\AGANDO\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-01-26 09:58 - 2015-01-26 09:58 - 00001228 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-01-26 09:58 - 2015-01-26 09:58 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\ProductData
2015-01-26 09:58 - 2015-01-26 09:58 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\IObit
2015-01-26 09:58 - 2015-01-26 09:58 - 00000000 ____D () C:\Users\AGANDO\AppData\IObit
2015-01-26 09:56 - 2015-01-26 09:57 - 01191200 _____ () C:\Users\AGANDO\Downloads\IObit Uninstaller - CHIP-Installer.exe
2015-01-25 20:29 - 2015-01-25 20:30 - 00000049 ____H () C:\Users\AGANDO\Downloads\.picasa.ini
2015-01-24 11:16 - 2015-01-24 11:16 - 00000882 _____ () C:\Users\Public\Desktop\Metronome 4.0.lnk
2015-01-24 11:16 - 2015-01-24 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metronome
2015-01-24 11:16 - 2015-01-24 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metronome
2015-01-24 11:16 - 2015-01-24 11:16 - 00000000 ____D () C:\Program Files\Metronome 4.0
2015-01-24 11:11 - 2015-01-24 11:11 - 00000000 ____D () C:\Users\AGANDO\Documents\weirdmet
2015-01-24 09:48 - 2015-01-31 18:08 - 00004200 _____ () C:\Windows\setupact.log
2015-01-24 09:48 - 2015-01-24 09:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-23 14:24 - 2015-01-23 14:24 - 00000000 ____D () C:\Users\AGANDO\AppData\Local\4hd
2015-01-23 14:23 - 2015-01-24 11:16 - 00000014 _____ () C:\Windows\mm.sys
2015-01-23 14:23 - 2015-01-23 14:24 - 00000000 ____D () C:\Program Files (x86)\4HD
2015-01-23 14:23 - 2015-01-23 14:23 - 00000030 ____H () C:\Windows\~mem001.sys
2015-01-23 14:23 - 2003-12-01 06:39 - 00024576 _____ () C:\Windows\Metronome 4.0 Uninstall.exe
2015-01-23 14:22 - 2015-01-23 14:22 - 00372592 _____ () C:\Users\AGANDO\Downloads\SoftonicDownloader_fuer_fast-soft-metronome.exe
2015-01-23 14:14 - 2015-01-23 14:14 - 00000063 _____ () C:\Windows\wininit.ini
2015-01-23 14:13 - 2015-01-23 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GCH Guitar academy
2015-01-23 14:13 - 2015-01-23 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GCH Guitar academy
2015-01-23 14:07 - 2015-01-23 14:10 - 10250969 _____ () C:\Users\AGANDO\Downloads\metronome.zip
2015-01-23 14:06 - 2015-01-23 14:06 - 01191200 _____ () C:\Users\AGANDO\Downloads\Metronome - CHIP-Installer.exe
2015-01-23 14:05 - 2015-01-23 14:05 - 00000000 ____D () C:\Users\AGANDO\AppData\Local\Temp5130868870d146a12d3c4c69ba9ca860
2015-01-23 14:02 - 2015-01-23 14:03 - 00000000 ____D () C:\Users\AGANDO\Downloads\Metronome-Plus
2015-01-23 14:01 - 2015-01-23 14:01 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\NVIDIA
2015-01-23 14:00 - 2015-01-23 14:01 - 01045496 _____ () C:\Users\AGANDO\Downloads\Metronome-Plus-lnstall.exe
2015-01-23 08:46 - 2015-01-23 08:46 - 03244390 _____ (Igor Pavlov) C:\Users\AGANDO\Downloads\kamera-widget(1).exe
2015-01-22 20:40 - 2015-01-22 20:40 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-01-22 20:40 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-01-22 20:40 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-01-22 20:40 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-01-22 20:40 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-01-22 20:40 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-01-22 20:40 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-01-22 20:40 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-01-22 20:40 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-01-22 20:40 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-01-22 20:40 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-01-22 20:40 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-01-22 20:40 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-01-22 20:40 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-01-22 20:40 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-01-22 20:40 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-01-22 20:40 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-01-22 20:40 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-01-22 20:40 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-01-22 20:40 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-01-22 20:40 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-01-22 20:40 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-01-22 20:40 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-01-22 20:36 - 2015-01-24 17:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2015-01-22 19:55 - 2015-01-22 19:55 - 00000000 __SHD () C:\Users\AGANDO\AppData\Local\EmieBrowserModeList
2015-01-22 19:54 - 2015-01-22 19:54 - 01191200 _____ () C:\Users\AGANDO\Downloads\Demo Flight Simulator X - CHIP-Installer.exe
2015-01-17 20:13 - 2015-01-17 20:13 - 04816704 _____ (Online Sheet Music, Inc. ) C:\Users\AGANDO\Downloads\OnlineSheetMusicViewer8.3.4.0.exe
2015-01-17 20:05 - 2015-01-17 20:05 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\Sibelius Software
2015-01-17 19:56 - 2015-01-17 19:56 - 00597488 _____ () C:\Users\AGANDO\AppData\Roaming\Scorch_Install.log
2015-01-17 19:56 - 2015-01-17 19:56 - 00000000 ____D () C:\Program Files (x86)\Sibelius Software
2015-01-17 19:55 - 2015-01-17 19:56 - 17795912 _____ (Sibelius Software, a division of Avid Technology, Inc.) C:\Users\AGANDO\Downloads\InstallScorch.exe
2015-01-16 19:36 - 2015-01-16 19:36 - 03244390 _____ (Igor Pavlov) C:\Users\AGANDO\Downloads\kamera-widget.exe
2015-01-14 14:06 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 14:06 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 14:06 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 14:06 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 14:06 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 14:06 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 14:06 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 14:06 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 14:06 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 14:06 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 14:06 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 14:06 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 14:06 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 18:15 - 2014-09-21 12:11 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{598AE1E5-34A6-4C87-8505-B40D7A1B3F57}
2015-01-31 18:15 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 18:15 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 18:14 - 2011-04-12 08:43 - 00699868 _____ () C:\Windows\system32\perfh007.dat
2015-01-31 18:14 - 2011-04-12 08:43 - 00149750 _____ () C:\Windows\system32\perfc007.dat
2015-01-31 18:14 - 2009-07-14 06:13 - 01622228 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-31 18:12 - 2014-06-08 18:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-31 18:11 - 2014-11-29 09:46 - 02033002 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 18:09 - 2014-12-19 13:17 - 00000000 ___RD () C:\Users\AGANDO\Dropbox
2015-01-31 18:09 - 2014-12-19 13:15 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\Dropbox
2015-01-31 18:09 - 2014-06-01 13:07 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\Skype
2015-01-31 18:08 - 2014-05-27 18:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-31 18:08 - 2014-05-27 18:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-31 18:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 11:34 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-30 09:48 - 2014-06-01 08:51 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\SoftGrid Client
2015-01-28 09:22 - 2014-05-31 09:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 09:18 - 2009-07-14 05:45 - 00298848 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-26 19:10 - 2014-05-27 18:14 - 00073776 _____ () C:\Users\AGANDO\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-26 19:09 - 2014-06-04 08:21 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\Samsung
2015-01-26 19:09 - 2014-06-04 08:18 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-26 19:09 - 2014-06-04 08:18 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-26 19:09 - 2014-06-04 08:18 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-26 19:09 - 2014-05-27 18:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-26 19:06 - 2014-12-26 14:44 - 00000000 ____D () C:\ProgramData\tmp
2015-01-26 19:06 - 2014-12-26 14:44 - 00000000 ____D () C:\ProgramData\tmp
2015-01-26 19:06 - 2014-12-26 14:42 - 00000000 ____D () C:\Program Files\Pixum
2015-01-26 14:24 - 2014-05-31 09:45 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-26 12:09 - 2014-05-31 09:45 - 00000000 ____D () C:\Users\AGANDO\AppData\Local\Google
2015-01-26 10:29 - 2014-01-16 17:54 - 00000000 ____D () C:\Users\AGANDO\Documents\Exceldateien
2015-01-26 10:19 - 2014-06-08 18:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 10:19 - 2014-06-08 18:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 10:19 - 2014-06-08 18:08 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-26 10:07 - 2014-06-04 08:20 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2015-01-24 17:55 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-24 17:55 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-24 11:04 - 2014-05-27 18:01 - 00000000 ____D () C:\Users\AGANDO\AppData\Local\VirtualStore
2015-01-21 13:13 - 2014-06-12 12:16 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 13:13 - 2014-06-12 12:16 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 13:13 - 2014-06-12 12:16 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 13:12 - 2014-08-11 08:24 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-21 13:12 - 2014-06-12 12:16 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-21 13:12 - 2014-06-12 12:16 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-21 13:12 - 2014-06-12 12:16 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-14 14:19 - 2014-06-10 12:53 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 14:16 - 2014-06-10 12:53 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-05 10:53 - 2014-10-09 12:01 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2015-01-05 10:52 - 2014-10-09 12:03 - 00000000 ____D () C:\Users\AGANDO\AppData\Local\.elfohilfe
2015-01-05 10:52 - 2014-05-27 18:01 - 00000000 ____D () C:\Users\AGANDO
2015-01-03 13:28 - 2014-01-16 17:43 - 00000000 ____D () C:\Users\AGANDO\Documents\Worddateien
2015-01-02 09:06 - 2014-06-01 13:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-02 09:05 - 2014-06-01 13:07 - 00000000 ____D () C:\ProgramData\Skype
2015-01-02 09:05 - 2014-06-01 13:07 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-01-17 19:56 - 2015-01-17 19:56 - 0597488 _____ () C:\Users\AGANDO\AppData\Roaming\Scorch_Install.log
2014-08-21 11:13 - 2014-12-08 10:51 - 0007680 _____ () C:\Users\AGANDO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-26 11:30 - 2013-03-18 17:45 - 1122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\AGANDO\AppData\Local\libeay32.dll
2015-01-26 11:34 - 2015-01-26 14:53 - 0101169 _____ () C:\Users\AGANDO\AppData\Local\log.txt
2015-01-26 11:30 - 2011-06-11 00:58 - 0421200 _____ (Microsoft Corporation) C:\Users\AGANDO\AppData\Local\msvcp100.dll
2015-01-26 11:30 - 2011-06-11 00:58 - 0773968 _____ (Microsoft Corporation) C:\Users\AGANDO\AppData\Local\msvcr100.dll
2015-01-26 11:30 - 2014-07-07 10:54 - 2599936 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\AGANDO\AppData\Local\QtCore4.dll
2015-01-26 11:30 - 2014-04-20 02:43 - 8587264 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\AGANDO\AppData\Local\QtGui4.dll
2015-01-26 11:30 - 2014-04-20 02:38 - 1053184 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\AGANDO\AppData\Local\QtNetwork4.dll
2015-01-26 11:30 - 2014-04-20 04:40 - 13108224 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\AGANDO\AppData\Local\QtWebKit4.dll
2015-01-26 11:35 - 2015-01-26 14:53 - 0116660 _____ () C:\Users\AGANDO\AppData\Local\sinder.txt
2015-01-26 11:30 - 2013-03-18 17:45 - 0274432 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\AGANDO\AppData\Local\ssleay32.dll
2015-01-26 11:34 - 2015-01-26 14:53 - 0124476 _____ () C:\Users\AGANDO\AppData\Local\viewer.txt

Some content of TEMP:
====================
C:\Users\AGANDO\AppData\Local\Temp\4hd-setup.exe
C:\Users\AGANDO\AppData\Local\Temp\avgnt.exe
C:\Users\AGANDO\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpimx61q.dll
C:\Users\AGANDO\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\AGANDO\AppData\Local\Temp\keepvid_updater.exe
C:\Users\AGANDO\AppData\Local\Temp\mailcheck_ff_2014_12_02.exe
C:\Users\AGANDO\AppData\Local\Temp\sdan.exe
C:\Users\AGANDO\AppData\Local\Temp\sdapk.exe
C:\Users\AGANDO\AppData\Local\Temp\sdaspwn.exe
C:\Users\AGANDO\AppData\Local\Temp\setup.exe
C:\Users\AGANDO\AppData\Local\Temp\smw_FF.exe
C:\Users\AGANDO\AppData\Local\Temp\smw_FF[1].exe
C:\Users\AGANDO\AppData\Local\Temp\SpOrder.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-30 18:52

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by AGANDO at 2015-01-30 20:11:20
Running from C:\Users\AGANDO\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-4230170062-206650724-3253433267-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.3.14949 - Landesfinanzdirektion Thüringen)
Free YouTube to MP3 Converter version 3.12.53.113 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.53.113 - DVDVideoSoft Ltd.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hardcopy (HKLM-x32\...\Hardcopy) (Version: 2014.10.06 - www.hardcopy.de)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.1 - IObit)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lexmark 2200 Series (HKLM\...\Lexmark 2200 Series) (Version:  - Lexmark International, Inc.)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1020 - Marvell)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Metronome 4.0 (HKLM-x32\...\Metronome 4.0) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Remove 4HD (HKLM-x32\...\4HD) (Version: 1.0.5263.177 - Lollipop Network SL) <==== ATTENTION
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.05.00 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM-x32\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
WiredTools (HKLM-x32\...\WiredTools_is1) (Version: 2.3.2.0 - WiredTools LTD)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4230170062-206650724-3253433267-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\AGANDO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4230170062-206650724-3253433267-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AGANDO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4230170062-206650724-3253433267-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AGANDO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4230170062-206650724-3253433267-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AGANDO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4230170062-206650724-3253433267-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AGANDO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4230170062-206650724-3253433267-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AGANDO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4230170062-206650724-3253433267-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AGANDO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4230170062-206650724-3253433267-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AGANDO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4230170062-206650724-3253433267-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AGANDO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

14-01-2015 14:16:32 Windows Update
16-01-2015 19:36:44 Installed Zetta Widget
17-01-2015 19:56:35 Installed Sibelius Scorch (Firefox, Opera, Netscape, Chrome only).
22-01-2015 20:35:29 Installiert Microsoft Flight Simulator X Demo
23-01-2015 13:49:50 Windows Update
24-01-2015 17:54:44 Konfiguriert Microsoft Flight Simulator X Demo
26-01-2015 19:08:20 Removed Samsung Kies

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {108D91DE-251D-4160-955E-D8ACC8B57EE7} - System32\Tasks\hcdll2_ex_x64 => C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe [2012-11-08] ()
Task: {22348B50-B1C4-4F8B-A084-2B76F4844336} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4E6C077E-47AB-43E0-BFCA-3BC5AAA7DA62} - System32\Tasks\Uninstaller_SkipUac_AGANDO => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-26] (IObit)
Task: {62FCBA5F-7BAB-45D9-9EF6-CB752B2AD279} - System32\Tasks\{B76F97CE-6B6D-4281-BA36-F6C543049234} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {7725DFB3-E838-4642-B832-74EF2E7DB1EE} - System32\Tasks\{BCC8346C-C89A-4AA5-9215-289C2217D628} => pcalua.exe -a C:\Users\AGANDO\Documents\ostarter\Office-Starter\SetupConsumerC2ROLW.exe -d C:\Users\AGANDO\Documents\ostarter\Office-Starter
Task: {77812E12-A0C9-4ECD-BA3A-17F1A6E92270} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-26] (Google Inc.)
Task: {973AC5FA-527E-42AF-8B0C-19A801B91AAE} - System32\Tasks\hcdll2_ex_Win32 => C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe [2013-07-17] ()
Task: {AD7460C7-340E-4499-8978-52902BAE9622} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {B9FCAFE7-947E-4BAD-B155-5B3FA83B11C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-26] (Google Inc.)
Task: {CF1C4724-ADDD-43FA-A2F6-B1CE452570A9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FEC3AD1D-56A8-4B39-86ED-57CDFB1C5CDF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-26] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-11-19 02:34 - 2009-11-19 02:34 - 00022016 _____ () C:\Windows\System32\suge1l6.dll
2014-09-18 11:53 - 2014-04-16 09:22 - 00029184 _____ () C:\Windows\System32\usp01l.dll
2014-05-27 18:17 - 2014-03-04 14:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-29 20:17 - 2013-10-30 10:49 - 00126968 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_43_x64.dll
2014-11-06 13:47 - 2012-11-08 07:38 - 00044608 _____ () C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe
2014-11-06 13:47 - 2013-07-17 16:03 - 00037880 _____ () C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
2009-11-19 02:34 - 2009-11-19 02:34 - 00327168 _____ () C:\Windows\system32\SaMinDrv.dll
2014-05-27 18:08 - 2012-08-09 11:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-05-27 18:08 - 2012-08-09 11:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-09-18 11:53 - 2014-07-04 07:39 - 00249368 _____ () c:\windows\system32\spool\drivers\x64\3\usp01pi.exe
2014-09-18 11:53 - 2014-07-24 19:54 - 01194496 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\usp01du.dll
2014-09-18 11:53 - 2014-04-16 09:20 - 01817600 _____ () C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\X64\3\USP01UM.DLL
2014-11-06 13:47 - 2012-07-05 14:56 - 00052800 _____ () C:\Program Files (x86)\Hardcopy\hardcopy_05.dll
2014-10-29 20:17 - 2013-10-30 10:49 - 00117752 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_43_Win32.dll
2014-11-06 13:47 - 2014-10-06 14:26 - 03650016 _____ () C:\Program Files (x86)\Hardcopy\HcDllS.dll
2014-12-19 13:17 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\AGANDO\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-30 17:25 - 2015-01-30 17:25 - 00043008 _____ () c:\users\agando\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzhgaay.dll
2014-12-19 13:17 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\AGANDO\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-12-19 13:17 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\AGANDO\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-12-19 13:17 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\AGANDO\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-10-17 09:57 - 2014-10-17 09:57 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2014-05-27 18:09 - 2012-02-01 15:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-05-27 18:07 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-01-28 09:13 - 2015-01-28 09:13 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-25 13:12 - 2015-01-25 13:12 - 16844976 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4230170062-206650724-3253433267-500 - Administrator - Disabled)
AGANDO (S-1-5-21-4230170062-206650724-3253433267-1000 - Administrator - Enabled) => C:\Users\AGANDO
Gast (S-1-5-21-4230170062-206650724-3253433267-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2015 05:27:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2015 11:36:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2015 09:11:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 08:36:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 06:37:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 06:47:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 09:24:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 08:58:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2015 08:30:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2015 06:43:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/27/2015 09:42:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/27/2015 09:42:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/27/2015 09:42:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Client Virtualization Handler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/27/2015 09:42:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/27/2015 09:42:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Center-Empfängerdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/27/2015 09:42:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/27/2015 09:42:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/27/2015 09:42:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/27/2015 09:42:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Service Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/27/2015 09:42:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Skype Click to Call PNR Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (01/30/2015 05:27:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2015 11:36:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2015 09:11:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 08:36:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 06:37:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 06:47:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 09:24:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 08:58:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2015 08:30:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2015 06:43:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 38%
Total physical RAM: 4056.09 MB
Available physical RAM: 2509.57 MB
Total Pagefile: 8110.36 MB
Available Pagefile: 5573.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.42 GB) (Free:347.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0AB1CB3C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 31.01.2015 23:19
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Remove 4HD


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Duplo15 01.02.2015 14:01
Code:
ComboFix 15-01-29.01 - AGANDO 01.02.2015  13:45:18.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4056.2221 [GMT 1:00]
ausgeführt von:: c:\users\AGANDO\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\AGANDO\AppData\Local\libeay32.dll
c:\users\AGANDO\AppData\Local\log.txt
c:\users\AGANDO\AppData\Local\msvcp100.dll
c:\users\AGANDO\AppData\Local\msvcr100.dll
c:\users\AGANDO\AppData\Local\QtCore4.dll
c:\users\AGANDO\AppData\Local\ssleay32.dll
c:\users\AGANDO\AppData\Roaming\Scorch_Install.log
c:\users\AGANDO\WINDOWS
c:\windows\security\Database\tmp.edb
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-01-01 bis 2015-02-01  ))))))))))))))))))))))))))))))
.
.
2015-02-01 12:48 . 2015-02-01 12:48        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-02-01 12:06 . 2015-02-01 12:06        --------        d-----w-        c:\program files (x86)\VS Revo Group
2015-01-30 19:09 . 2015-01-31 17:20        --------        d-----w-        C:\FRST
2015-01-27 08:36 . 2015-01-28 08:10        --------        d-----w-        C:\AdwCleaner
2015-01-26 18:03 . 2015-01-26 18:03        --------        d-----w-        c:\program files (x86)\Free Codec Pack
2015-01-26 18:03 . 2015-01-26 18:03        --------        d-----w-        c:\program files (x86)\DVDVideoSoft
2015-01-26 18:03 . 2015-01-26 18:03        --------        d-----w-        c:\program files (x86)\Common Files\DVDVideoSoft
2015-01-26 18:00 . 2015-01-28 19:21        --------        d-----w-        c:\users\AGANDO\AppData\Roaming\DVDVideoSoft
2015-01-26 13:24 . 2015-01-26 13:24        --------        d-----w-        c:\program files\Google
2015-01-26 10:35 . 2014-07-04 21:53        338992        ----a-w-        c:\windows\system32\WiredTools64.dll
2015-01-26 10:35 . 2014-07-04 21:53        296080        ----a-w-        c:\windows\SysWow64\WiredTools.dll
2015-01-26 10:35 . 2015-01-26 10:35        --------        d-----w-        c:\program files (x86)\WiredTools
2015-01-26 10:30 . 2014-04-20 03:40        13108224        ----a-w-        c:\users\AGANDO\AppData\Local\QtWebKit4.dll
2015-01-26 10:30 . 2014-04-20 01:43        8587264        ----a-w-        c:\users\AGANDO\AppData\Local\QtGui4.dll
2015-01-26 10:30 . 2014-04-20 01:38        1053184        ----a-w-        c:\users\AGANDO\AppData\Local\QtNetwork4.dll
2015-01-26 09:18 . 2015-01-26 09:21        --------        d-----w-        c:\programdata\iRinger
2015-01-26 08:59 . 2015-01-26 08:59        --------        d-----w-        c:\users\AGANDO\AppData\Roaming\Apple Computer
2015-01-26 08:59 . 2015-01-26 08:59        --------        d-----w-        c:\programdata\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-01-26 08:59 . 2015-01-26 08:59        --------        d-----w-        c:\program files (x86)\Common Files\IObit
2015-01-26 08:58 . 2015-01-26 08:58        --------        d-----w-        c:\users\AGANDO\AppData\Roaming\ProductData
2015-01-26 08:58 . 2015-01-26 08:59        --------        d-----w-        c:\programdata\IObit
2015-01-26 08:58 . 2015-01-26 08:59        --------        d-----w-        c:\programdata\ProductData
2015-01-26 08:58 . 2015-01-26 09:02        --------        d-----w-        c:\program files (x86)\IObit
2015-01-26 08:58 . 2015-01-26 08:58        --------        d-----w-        c:\users\AGANDO\AppData\Roaming\IObit
2015-01-24 10:16 . 2015-01-24 10:16        --------        d-----w-        c:\program files\Metronome 4.0
2015-01-23 13:23 . 2015-01-24 10:16        14        ----a-w-        c:\windows\mm.sys
2015-01-23 13:23 . 2015-01-23 13:23        30        ---ha-w-        c:\windows\~mem001.sys
2015-01-23 13:23 . 2003-12-01 05:39        24576        ----a-w-        c:\windows\Metronome 4.0 Uninstall.exe
2015-01-23 13:05 . 2015-01-23 13:05        --------        d-----w-        c:\users\AGANDO\AppData\Local\Temp5130868870d146a12d3c4c69ba9ca860
2015-01-23 13:01 . 2015-01-23 13:01        --------        d-----w-        c:\users\AGANDO\AppData\Roaming\NVIDIA
2015-01-22 19:36 . 2015-01-24 16:56        --------        d-----w-        c:\program files (x86)\Microsoft Games
2015-01-22 18:55 . 2015-01-22 18:55        --------        d-sh--w-        c:\users\AGANDO\AppData\Local\EmieBrowserModeList
2015-01-21 12:13 . 2015-01-21 12:13        --------        d-----w-        c:\program files (x86)\Common Files\Java
2015-01-17 19:13 . 2015-01-27 08:18        --------        d-----w-        c:\program files (x86)\Online Sheet Music
2015-01-17 19:13 . 2015-01-17 19:14        --------        d-----w-        c:\programdata\Online Sheet Music
2015-01-17 19:05 . 2015-01-17 19:05        --------        d-----w-        c:\users\AGANDO\AppData\Roaming\Sibelius Software
2015-01-17 18:56 . 2015-01-17 18:56        --------        d-----w-        c:\program files (x86)\Sibelius Software
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-31 09:04 . 2014-07-23 08:17        163504        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-01-26 09:19 . 2014-06-08 17:08        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-26 09:19 . 2014-06-08 17:08        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-21 12:12 . 2014-06-12 11:16        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-14 13:16 . 2014-06-10 11:53        113365784        ----a-w-        c:\windows\system32\MRT.exe
2014-12-13 05:09 . 2014-12-18 12:04        144384        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 12:04        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-12-11 17:40 . 2014-08-16 14:53        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-12-10 11:16 . 2014-08-16 14:53        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-12-10 11:16 . 2014-08-16 14:53        42168        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-12-04 02:50 . 2014-12-11 13:52        413184        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-11 13:52        741376        ----a-w-        c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-11 13:52        396800        ----a-w-        c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-11 13:52        830976        ----a-w-        c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-11 13:52        192000        ----a-w-        c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-11 13:52        227328        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-11 13:52        1083392        ----a-w-        c:\windows\system32\aeinv.dll
2014-12-03 14:22 . 2014-09-05 08:07        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-12-03 14:22 . 2014-09-05 08:07        42168        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-12-01 23:28 . 2014-12-11 13:52        1232040        ----a-w-        c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-11 13:52        389296        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-11 13:52        25059840        ----a-w-        c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 13:52        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 13:52        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 13:52        66560        ----a-w-        c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-11 13:52        580096        ----a-w-        c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 13:52        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 13:52        2885120        ----a-w-        c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-11 13:52        88064        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 13:52        54784        ----a-w-        c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 13:52        34304        ----a-w-        c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 13:52        633856        ----a-w-        c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 13:52        114688        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 13:52        814080        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 13:52        6039552        ----a-w-        c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 13:52        968704        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 13:52        490496        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 13:52        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 13:52        77824        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-11 13:52        199680        ----a-w-        c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 13:52        92160        ----a-w-        c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 13:52        501248        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 13:52        62464        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 13:52        47616        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 13:52        64000        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 13:52        316928        ----a-w-        c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 13:52        620032        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 13:52        718848        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 13:52        800768        ----a-w-        c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 13:52        1359360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 13:52        2125312        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 13:52        14412800        ----a-w-        c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 13:52        60416        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 13:52        4299264        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-11 13:52        2358272        ----a-w-        c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 13:52        2052096        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 13:52        1155072        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 13:52        1548288        ----a-w-        c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 13:52        800768        ----a-w-        c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 13:52        1888256        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-11-11 03:09 . 2014-12-11 13:52        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 11:16        241152        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 11:16        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 13:52        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 11:16        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 11:16        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 13:52        119296        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-11 13:47        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-11 13:47        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30878816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-09 702768]
.
c:\users\AGANDO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\AGANDO\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-19 39207112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2014-11-6 3751904]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 lxbv_device;lxbv_device;c:\windows\system32\lxbvcoms.exe;c:\windows\SYSNATIVE\lxbvcoms.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-08 09:19]
.
2015-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-26 13:23]
.
2015-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-26 13:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-01-26 08:58        2471744        ----a-w-        c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22        164760        ----a-w-        c:\users\AGANDO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22        164760        ----a-w-        c:\users\AGANDO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22        164760        ----a-w-        c:\users\AGANDO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22        164760        ----a-w-        c:\users\AGANDO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22        164760        ----a-w-        c:\users\AGANDO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22        164760        ----a-w-        c:\users\AGANDO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22        164760        ----a-w-        c:\users\AGANDO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22        164760        ----a-w-        c:\users\AGANDO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-12 331776]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-05-29 2352072]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-05-29 1279480]
.
------- Zusätzlicher Suchlauf -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\AGANDO\AppData\Roaming\Mozilla\Firefox\Profiles\zl9ojpxi.default-1422433099013\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-02-01  13:49:28
ComboFix-quarantined-files.txt  2015-02-01 12:49
.
Vor Suchlauf: 22 Verzeichnis(se), 376.759.095.296 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 376.324.558.848 Bytes frei
.
- - End Of File - - 15E74B0C42DCC04C89090EA70F126BC6

schrauber 01.02.2015 17:38
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Duplo15 02.02.2015 14:05
Hallo Schrauber
Erstmal ein herzliches Dankeschön vorab für deine ausführliche Anleitung.
Hier sind die Files:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by AGANDO (administrator) on AGANDO-PC on 02-02-2015 14:00:36
Running from C:\Users\AGANDO\Downloads
Loaded Profiles: AGANDO (Available profiles: AGANDO)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe
() C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
( ) C:\Windows\System32\lxbvcoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(sw4you) C:\Program Files (x86)\Hardcopy\hardcopy.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Dropbox, Inc.) C:\Users\AGANDO\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Farbar) C:\Users\AGANDO\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-4230170062-206650724-3253433267-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
Startup: C:\Users\AGANDO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\AGANDO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4230170062-206650724-3253433267-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4230170062-206650724-3253433267-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4230170062-206650724-3253433267-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-4230170062-206650724-3253433267-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4230170062-206650724-3253433267-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\AGANDO\AppData\Roaming\Mozilla\Firefox\Profiles\zl9ojpxi.default-1422433099013
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchAxPlugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll ()
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-28]
FF HKU\S-1-5-21-4230170062-206650724-3253433267-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-4230170062-206650724-3253433267-1000\...\Firefox\Extensions: [SoundFrost@helper.com] - C:\Program Files (x86)\keepvid\SoundFrost.xpi

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2635552 2015-01-26] (IObit)
R2 lxbv_device; C:\Windows\system32\lxbvcoms.exe [566704 2007-04-25] ( )
R2 lxbv_device; C:\Windows\SysWOW64\lxbvcoms.exe [537520 2007-04-25] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-09] (Avira Operations GmbH & Co. KG)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 14:00 - 2015-02-02 14:00 - 02131456 _____ (Farbar) C:\Users\AGANDO\Downloads\FRST64(1).exe
2015-02-02 13:45 - 2015-02-02 13:45 - 00000844 _____ () C:\Users\AGANDO\Desktop\JRT.txt
2015-02-02 13:43 - 2015-02-02 13:43 - 01707939 _____ (Thisisu) C:\Users\AGANDO\Downloads\JRT.exe
2015-02-02 13:43 - 2015-02-02 13:43 - 00000000 ____D () C:\Windows\ERUNT
2015-02-02 13:27 - 2015-02-02 13:27 - 00001149 _____ () C:\Users\AGANDO\Desktop\AdwCleaner[S1].txt
2015-02-02 13:12 - 2015-02-02 13:12 - 00001557 _____ () C:\Users\AGANDO\Desktop\mbam.txt
2015-02-02 12:39 - 2015-02-02 13:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 12:39 - 2015-02-02 13:02 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-02 12:39 - 2015-02-02 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-02 12:39 - 2015-02-02 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-02 12:39 - 2015-02-02 13:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-02 12:39 - 2015-02-02 12:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-02 12:39 - 2015-02-02 12:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-02 12:39 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-02 12:39 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-02 12:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-02 12:37 - 2015-02-02 12:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\AGANDO\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-01 13:49 - 2015-02-01 13:49 - 00028327 _____ () C:\ComboFix.txt
2015-02-01 13:44 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-01 13:44 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-01 13:44 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-01 13:44 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-01 13:44 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-01 13:44 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-01 13:44 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-01 13:44 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-01 13:21 - 2015-02-01 13:49 - 00000000 ____D () C:\Qoobox
2015-02-01 13:20 - 2015-02-01 13:48 - 00000000 ____D () C:\Windows\erdnt
2015-02-01 13:18 - 2015-02-01 13:18 - 05611408 ____R (Swearware) C:\Users\AGANDO\Downloads\ComboFix.exe
2015-02-01 13:06 - 2015-02-01 13:06 - 00001264 _____ () C:\Users\AGANDO\Desktop\Revo Uninstaller.lnk
2015-02-01 13:06 - 2015-02-01 13:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-01 13:04 - 2015-02-01 13:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\AGANDO\Downloads\revosetup95.exe
2015-01-31 18:19 - 2015-01-31 18:19 - 00000000 ____D () C:\Users\AGANDO\Downloads\FRST-OlderVersion
2015-01-30 20:11 - 2015-01-30 20:12 - 00025137 _____ () C:\Users\AGANDO\Downloads\Addition.txt
2015-01-30 20:10 - 2015-02-02 14:00 - 00018521 _____ () C:\Users\AGANDO\Downloads\FRST.txt
2015-01-30 20:09 - 2015-02-02 14:00 - 00000000 ____D () C:\FRST
2015-01-30 20:09 - 2015-01-31 18:19 - 02130944 _____ (Farbar) C:\Users\AGANDO\Downloads\FRST64.exe
2015-01-28 09:18 - 2015-01-28 09:18 - 00000000 ____D () C:\Users\AGANDO\Desktop\Alte Firefox-Daten
2015-01-28 09:16 - 2015-01-28 09:16 - 00001697 _____ () C:\Users\AGANDO\Downloads\software_removal_tool.log
2015-01-28 09:13 - 2015-01-28 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 09:07 - 2015-01-28 09:07 - 02194432 _____ () C:\Users\AGANDO\Downloads\AdwCleaner_4.109(1).exe
2015-01-27 09:36 - 2015-02-02 13:40 - 00000000 ____D () C:\AdwCleaner
2015-01-27 09:36 - 2015-01-27 09:36 - 02194432 _____ () C:\Users\AGANDO\Downloads\adwcleaner_4.109.exe
2015-01-26 19:03 - 2015-01-26 19:03 - 00001532 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-01-26 19:03 - 2015-01-26 19:03 - 00001241 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-01-26 19:03 - 2015-01-26 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-26 19:03 - 2015-01-26 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-26 19:03 - 2015-01-26 19:03 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-01-26 19:03 - 2015-01-26 19:03 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-01-26 19:00 - 2015-01-28 20:21 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\DVDVideoSoft
2015-01-26 18:59 - 2015-01-26 18:59 - 03534792 _____ (DVDVideoSoft Ltd. ) C:\Users\AGANDO\Downloads\FreeYouTubeToMP3Converter.exe
2015-01-26 18:33 - 2015-02-02 13:28 - 00006548 _____ () C:\Windows\PFRO.log
2015-01-26 14:24 - 2015-01-26 14:24 - 00000000 ____D () C:\Program Files\Google
2015-01-26 14:23 - 2015-02-02 13:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 14:23 - 2015-02-02 13:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 14:23 - 2015-01-26 14:28 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-26 14:23 - 2015-01-26 14:28 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-26 14:23 - 2015-01-26 14:24 - 00000000 ____D () C:\ProgramData\Google
2015-01-26 14:23 - 2015-01-26 14:24 - 00000000 ____D () C:\ProgramData\Google
2015-01-26 14:23 - 2015-01-26 14:23 - 02243616 _____ (Google Inc.) C:\Users\AGANDO\Downloads\GoogleToolbarInstaller_en32_signed.exe
2015-01-26 12:32 - 2015-01-26 12:32 - 00000226 _____ () C:\Users\AGANDO\Desktop\Eric Clapton & Friends - Call Me The Breeze (Official Music Video) - YouTube.URL
2015-01-26 12:26 - 2015-01-26 12:26 - 00000226 _____ () C:\Users\AGANDO\Desktop\PENTATONIC SCALE PATTERNS LESSON #1 TUTORIAL - YouTube.URL
2015-01-26 11:35 - 2015-01-26 14:53 - 00116660 _____ () C:\Users\AGANDO\AppData\Local\sinder.txt
2015-01-26 11:35 - 2015-01-26 11:35 - 00000000 ____D () C:\Program Files (x86)\WiredTools
2015-01-26 11:35 - 2014-07-16 11:47 - 00004520 _____ () C:\Windows\SysWOW64\WiredTools.ini
2015-01-26 11:35 - 2014-07-16 11:47 - 00002352 _____ () C:\Windows\SysWOW64\WiredToolsOff.ini
2015-01-26 11:35 - 2014-07-04 22:53 - 00338992 _____ (WiredTools Ltd.) C:\Windows\system32\WiredTools64.dll
2015-01-26 11:35 - 2014-07-04 22:53 - 00296080 _____ (WiredTools Ltd.) C:\Windows\SysWOW64\WiredTools.dll
2015-01-26 11:34 - 2015-01-26 14:53 - 00124476 _____ () C:\Users\AGANDO\AppData\Local\viewer.txt
2015-01-26 11:30 - 2014-04-20 04:40 - 13108224 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\AGANDO\AppData\Local\QtWebKit4.dll
2015-01-26 11:30 - 2014-04-20 02:43 - 08587264 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\AGANDO\AppData\Local\QtGui4.dll
2015-01-26 11:30 - 2014-04-20 02:38 - 01053184 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\AGANDO\AppData\Local\QtNetwork4.dll
2015-01-26 10:29 - 2015-01-28 20:43 - 00002095 _____ () C:\Users\AGANDO\Downloads\mp3DirectCut.ini
2015-01-26 10:28 - 2015-01-26 10:28 - 00000716 _____ () C:\Users\AGANDO\Desktop\mp3DirectCut.lnk
2015-01-26 10:28 - 2015-01-26 10:28 - 00000000 ____D () C:\Users\AGANDO\Downloads\Languages
2015-01-26 10:28 - 2014-04-04 22:03 - 00004003 _____ () C:\Users\AGANDO\Downloads\Version.txt
2015-01-26 10:28 - 2014-04-04 20:42 - 00135200 _____ (Martin Pesch) C:\Users\AGANDO\Downloads\mp3DirectCut.exe
2015-01-26 10:28 - 2014-04-04 16:45 - 00029583 _____ () C:\Users\AGANDO\Downloads\Manual.htm
2015-01-26 10:28 - 2014-04-03 13:42 - 00001764 _____ () C:\Users\AGANDO\Downloads\License.txt
2015-01-26 10:28 - 2014-04-02 14:35 - 00016230 _____ () C:\Users\AGANDO\Downloads\FAQ.htm
2015-01-26 10:26 - 2015-01-26 10:26 - 00308709 _____ () C:\Users\AGANDO\Downloads\mp3DC220.exe
2015-01-26 10:18 - 2015-01-26 10:21 - 00000000 ____D () C:\ProgramData\iRinger
2015-01-26 10:18 - 2015-01-26 10:21 - 00000000 ____D () C:\ProgramData\iRinger
2015-01-26 10:18 - 2015-01-26 10:18 - 01191200 _____ () C:\Users\AGANDO\Downloads\iRinger - CHIP-Installer.exe
2015-01-26 09:59 - 2015-01-26 09:59 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-01-26 09:59 - 2015-01-26 09:59 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\Apple Computer
2015-01-26 09:59 - 2015-01-26 09:59 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-01-26 09:59 - 2015-01-26 09:59 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-01-26 09:58 - 2015-02-02 13:58 - 00002888 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_AGANDO
2015-01-26 09:58 - 2015-02-02 11:31 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-26 09:58 - 2015-02-02 11:31 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-26 09:58 - 2015-01-26 10:02 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-26 09:58 - 2015-01-26 09:59 - 00000000 ____D () C:\ProgramData\IObit
2015-01-26 09:58 - 2015-01-26 09:59 - 00000000 ____D () C:\ProgramData\IObit
2015-01-26 09:58 - 2015-01-26 09:58 - 00001252 _____ () C:\Users\AGANDO\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-01-26 09:58 - 2015-01-26 09:58 - 00001228 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-01-26 09:58 - 2015-01-26 09:58 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\ProductData
2015-01-26 09:58 - 2015-01-26 09:58 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\IObit
2015-01-26 09:58 - 2015-01-26 09:58 - 00000000 ____D () C:\Users\AGANDO\AppData\IObit
2015-01-26 09:56 - 2015-01-26 09:57 - 01191200 _____ () C:\Users\AGANDO\Downloads\IObit Uninstaller - CHIP-Installer.exe
2015-01-25 20:29 - 2015-01-25 20:30 - 00000049 ____H () C:\Users\AGANDO\Downloads\.picasa.ini
2015-01-24 11:16 - 2015-01-24 11:16 - 00000882 _____ () C:\Users\Public\Desktop\Metronome 4.0.lnk
2015-01-24 11:16 - 2015-01-24 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metronome
2015-01-24 11:16 - 2015-01-24 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metronome
2015-01-24 11:16 - 2015-01-24 11:16 - 00000000 ____D () C:\Program Files\Metronome 4.0
2015-01-24 11:11 - 2015-01-24 11:11 - 00000000 ____D () C:\Users\AGANDO\Documents\weirdmet
2015-01-24 09:48 - 2015-02-02 13:55 - 00005432 _____ () C:\Windows\setupact.log
2015-01-24 09:48 - 2015-01-24 09:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-23 14:23 - 2015-01-24 11:16 - 00000014 _____ () C:\Windows\mm.sys
2015-01-23 14:23 - 2015-01-23 14:23 - 00000030 ____H () C:\Windows\~mem001.sys
2015-01-23 14:23 - 2003-12-01 06:39 - 00024576 _____ () C:\Windows\Metronome 4.0 Uninstall.exe
2015-01-23 14:13 - 2015-01-23 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GCH Guitar academy
2015-01-23 14:13 - 2015-01-23 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GCH Guitar academy
2015-01-23 14:07 - 2015-01-23 14:10 - 10250969 _____ () C:\Users\AGANDO\Downloads\metronome.zip
2015-01-23 14:06 - 2015-01-23 14:06 - 01191200 _____ () C:\Users\AGANDO\Downloads\Metronome - CHIP-Installer.exe
2015-01-23 14:05 - 2015-01-23 14:05 - 00000000 ____D () C:\Users\AGANDO\AppData\Local\Temp5130868870d146a12d3c4c69ba9ca860
2015-01-23 14:02 - 2015-01-23 14:03 - 00000000 ____D () C:\Users\AGANDO\Downloads\Metronome-Plus
2015-01-23 14:01 - 2015-01-23 14:01 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\NVIDIA
2015-01-23 08:46 - 2015-01-23 08:46 - 03244390 _____ (Igor Pavlov) C:\Users\AGANDO\Downloads\kamera-widget(1).exe
2015-01-22 20:40 - 2015-01-22 20:40 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-01-22 20:40 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-01-22 20:40 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-01-22 20:40 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-01-22 20:40 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-01-22 20:40 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-01-22 20:40 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-01-22 20:40 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-01-22 20:40 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-01-22 20:40 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-01-22 20:40 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-01-22 20:40 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-01-22 20:40 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-01-22 20:40 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-01-22 20:40 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-01-22 20:40 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-01-22 20:40 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-01-22 20:40 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-01-22 20:40 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-01-22 20:40 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-01-22 20:40 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-01-22 20:40 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-01-22 20:40 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-01-22 20:36 - 2015-01-24 17:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2015-01-22 19:55 - 2015-01-22 19:55 - 00000000 __SHD () C:\Users\AGANDO\AppData\Local\EmieBrowserModeList
2015-01-22 19:54 - 2015-01-22 19:54 - 01191200 _____ () C:\Users\AGANDO\Downloads\Demo Flight Simulator X - CHIP-Installer.exe
2015-01-17 20:13 - 2015-01-17 20:13 - 04816704 _____ (Online Sheet Music, Inc. ) C:\Users\AGANDO\Downloads\OnlineSheetMusicViewer8.3.4.0.exe
2015-01-17 20:05 - 2015-01-17 20:05 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\Sibelius Software
2015-01-17 19:56 - 2015-01-17 19:56 - 00000000 ____D () C:\Program Files (x86)\Sibelius Software
2015-01-17 19:55 - 2015-01-17 19:56 - 17795912 _____ (Sibelius Software, a division of Avid Technology, Inc.) C:\Users\AGANDO\Downloads\InstallScorch.exe
2015-01-16 19:36 - 2015-01-16 19:36 - 03244390 _____ (Igor Pavlov) C:\Users\AGANDO\Downloads\kamera-widget.exe
2015-01-14 14:06 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 14:06 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 14:06 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 14:06 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 14:06 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 14:06 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 14:06 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 14:06 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 14:06 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 14:06 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 14:06 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 14:06 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 14:06 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 13:56 - 2014-12-19 13:17 - 00000000 ___RD () C:\Users\AGANDO\Dropbox
2015-02-02 13:56 - 2014-12-19 13:15 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\Dropbox
2015-02-02 13:56 - 2014-06-01 13:07 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\Skype
2015-02-02 13:55 - 2014-05-27 18:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-02 13:55 - 2014-05-27 18:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-02 13:55 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 13:54 - 2014-11-29 09:46 - 01105044 _____ () C:\Windows\WindowsUpdate.log
2015-02-02 13:36 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-02 13:36 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-02 13:34 - 2011-04-12 08:43 - 00699868 _____ () C:\Windows\system32\perfh007.dat
2015-02-02 13:34 - 2011-04-12 08:43 - 00149750 _____ () C:\Windows\system32\perfc007.dat
2015-02-02 13:34 - 2009-07-14 06:13 - 01622228 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-02 13:12 - 2014-06-08 18:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-02 11:33 - 2014-09-21 12:11 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{598AE1E5-34A6-4C87-8505-B40D7A1B3F57}
2015-02-01 13:49 - 2014-06-03 08:22 - 00000000 ____D () C:\Users\Hoffmann
2015-02-01 13:49 - 2014-01-14 15:48 - 00000000 ____D () C:\Users\All Users.WINDOWS
2015-02-01 13:49 - 2014-01-14 15:47 - 00000000 ____D () C:\Users\Administrator.TEST-BD004CB97B
2015-02-01 13:48 - 2014-05-27 18:01 - 00000000 ____D () C:\Users\AGANDO
2015-02-01 13:48 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-30 11:34 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-30 09:48 - 2014-06-01 08:51 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\SoftGrid Client
2015-01-28 09:22 - 2014-05-31 09:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 09:18 - 2009-07-14 05:45 - 00298848 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-26 19:10 - 2014-05-27 18:14 - 00073776 _____ () C:\Users\AGANDO\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-26 19:09 - 2014-06-04 08:21 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\Samsung
2015-01-26 19:09 - 2014-06-04 08:18 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-26 19:09 - 2014-06-04 08:18 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-26 19:09 - 2014-06-04 08:18 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-26 19:09 - 2014-05-27 18:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-26 19:06 - 2014-12-26 14:44 - 00000000 ____D () C:\ProgramData\tmp
2015-01-26 19:06 - 2014-12-26 14:44 - 00000000 ____D () C:\ProgramData\tmp
2015-01-26 19:06 - 2014-12-26 14:42 - 00000000 ____D () C:\Program Files\Pixum
2015-01-26 14:24 - 2014-05-31 09:45 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-26 12:09 - 2014-05-31 09:45 - 00000000 ____D () C:\Users\AGANDO\AppData\Local\Google
2015-01-26 10:29 - 2014-01-16 17:54 - 00000000 ____D () C:\Users\AGANDO\Documents\Exceldateien
2015-01-26 10:19 - 2014-06-08 18:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 10:19 - 2014-06-08 18:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 10:19 - 2014-06-08 18:08 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 17:55 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-24 17:55 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-24 11:04 - 2014-05-27 18:01 - 00000000 ____D () C:\Users\AGANDO\AppData\Local\VirtualStore
2015-01-21 13:13 - 2014-06-12 12:16 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 13:13 - 2014-06-12 12:16 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 13:13 - 2014-06-12 12:16 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 13:12 - 2014-08-11 08:24 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-21 13:12 - 2014-06-12 12:16 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-21 13:12 - 2014-06-12 12:16 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-21 13:12 - 2014-06-12 12:16 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-14 14:19 - 2014-06-10 12:53 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 14:16 - 2014-06-10 12:53 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-05 10:53 - 2014-10-09 12:01 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2015-01-05 10:52 - 2014-10-09 12:03 - 00000000 ____D () C:\Users\AGANDO\AppData\Local\.elfohilfe
2015-01-03 13:28 - 2014-01-16 17:43 - 00000000 ____D () C:\Users\AGANDO\Documents\Worddateien

==================== Files in the root of some directories =======

2014-08-21 11:13 - 2014-12-08 10:51 - 0007680 _____ () C:\Users\AGANDO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-26 11:30 - 2014-04-20 02:43 - 8587264 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\AGANDO\AppData\Local\QtGui4.dll
2015-01-26 11:30 - 2014-04-20 02:38 - 1053184 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\AGANDO\AppData\Local\QtNetwork4.dll
2015-01-26 11:30 - 2014-04-20 04:40 - 13108224 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\AGANDO\AppData\Local\QtWebKit4.dll
2015-01-26 11:35 - 2015-01-26 14:53 - 0116660 _____ () C:\Users\AGANDO\AppData\Local\sinder.txt
2015-01-26 11:34 - 2015-01-26 14:53 - 0124476 _____ () C:\Users\AGANDO\AppData\Local\viewer.txt

Some content of TEMP:
====================
C:\Users\AGANDO\AppData\Local\Temp\avgnt.exe
C:\Users\AGANDO\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpizqv4z.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-30 18:52

==================== End Of Log ============================
--- --- ---

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02.02.2015
Scan Time: 12:41:56
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.02.02
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: AGANDO

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 423616
Time Elapsed: 15 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.Giga, C:\Users\AGANDO\Downloads\Metronome-Plus-lnstall.exe, Quarantined, [6b3fcc4dc4c6082e9dfce6b241c426da],
PUP.Optional.Softonic, C:\Users\AGANDO\Downloads\SoftonicDownloader_fuer_fast-soft-metronome.exe, Quarantined, [c3e734e557338da9f8c034260cf448b8],
PUP.Optional.Softonic, C:\Users\AGANDO\Downloads\SoftonicDownloader_fuer_keepvid.exe, Quarantined, [5c4e56c3305ac670f4c40f4b15eb58a8],
Rogue.AntiVirusPro, C:\Users\AGANDO\Desktop\Antivirus Pro starten.lnk, Quarantined, [0c9ebd5ce5a587afbf29bd40917213ed],

Physical Sectors: 0
(No malicious items detected)


(end)
Code:
# AdwCleaner v4.109 - Bericht erstellt am 02/02/2015 um 13:27:28
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : AGANDO - AGANDO-PC
# Gestartet von : C:\Users\AGANDO\Downloads\AdwCleaner_4.109(1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [3528 octets] - [27/01/2015 09:36:47]
AdwCleaner[R1].txt - [3588 octets] - [27/01/2015 09:40:11]
AdwCleaner[R2].txt - [965 octets] - [28/01/2015 09:09:39]
AdwCleaner[R3].txt - [1026 octets] - [02/02/2015 13:18:29]
AdwCleaner[R4].txt - [1087 octets] - [02/02/2015 13:26:48]
AdwCleaner[S0].txt - [3552 octets] - [27/01/2015 09:42:06]
AdwCleaner[S1].txt - [1009 octets] - [02/02/2015 13:27:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1069 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by AGANDO on 02.02.2015 at 13:43:43,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Emptied folder: C:\Users\AGANDO\AppData\Roaming\mozilla\firefox\profiles\zl9ojpxi.default-1422433099013\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.02.2015 at 13:45:34,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

schrauber 02.02.2015 17:56

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Duplo15 02.02.2015 19:53
Hallo Schrauber
Die Pop ups sind verschwunden.
Brauch ich den ESET Scanner und den Security Check dennoch?
Gruß Duplo15

schrauber 03.02.2015 07:56
Ja, zur Kontrolle auf Reste und so :)

Duplo15 03.02.2015 17:21
Hallo Schrauber
ESET online scanner hat nach dem scan Vorgang den Fehler 202 gemeldet.
Im Folgenden FRST Log und check up Log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by AGANDO (administrator) on AGANDO-PC on 03-02-2015 17:16:15
Running from C:\Users\AGANDO\Downloads
Loaded Profiles: AGANDO (Available profiles: AGANDO)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
() C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe
() C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
( ) C:\Windows\System32\lxbvcoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(sw4you) C:\Program Files (x86)\Hardcopy\hardcopy.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\AGANDO\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Windows\System32\spool\drivers\x64\3\usp01pi.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
() C:\Users\AGANDO\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\AGANDO\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-4230170062-206650724-3253433267-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
Startup: C:\Users\AGANDO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\AGANDO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4230170062-206650724-3253433267-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4230170062-206650724-3253433267-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4230170062-206650724-3253433267-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-4230170062-206650724-3253433267-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4230170062-206650724-3253433267-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\AGANDO\AppData\Roaming\Mozilla\Firefox\Profiles\zl9ojpxi.default-1422433099013
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchAxPlugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll ()
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-28]
FF HKU\S-1-5-21-4230170062-206650724-3253433267-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-4230170062-206650724-3253433267-1000\...\Firefox\Extensions: [SoundFrost@helper.com] - C:\Program Files (x86)\keepvid\SoundFrost.xpi

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2635552 2015-01-26] (IObit)
R2 lxbv_device; C:\Windows\system32\lxbvcoms.exe [566704 2007-04-25] ( )
R2 lxbv_device; C:\Windows\SysWOW64\lxbvcoms.exe [537520 2007-04-25] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-09] (Avira Operations GmbH & Co. KG)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 17:13 - 2015-02-03 17:13 - 00852573 _____ () C:\Users\AGANDO\Downloads\SecurityCheck.exe
2015-02-03 16:22 - 2015-02-03 16:22 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-03 16:20 - 2015-02-03 16:22 - 02347384 _____ (ESET) C:\Users\AGANDO\Downloads\esetsmartinstaller_deu.exe
2015-02-02 14:00 - 2015-02-02 14:00 - 02131456 _____ (Farbar) C:\Users\AGANDO\Downloads\FRST64(1).exe
2015-02-02 13:45 - 2015-02-02 13:45 - 00000844 _____ () C:\Users\AGANDO\Desktop\JRT.txt
2015-02-02 13:43 - 2015-02-02 13:43 - 01707939 _____ (Thisisu) C:\Users\AGANDO\Downloads\JRT.exe
2015-02-02 13:43 - 2015-02-02 13:43 - 00000000 ____D () C:\Windows\ERUNT
2015-02-02 13:27 - 2015-02-02 13:27 - 00001149 _____ () C:\Users\AGANDO\Desktop\AdwCleaner[S1].txt
2015-02-02 13:12 - 2015-02-02 13:12 - 00001557 _____ () C:\Users\AGANDO\Desktop\mbam.txt
2015-02-02 12:39 - 2015-02-03 16:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 12:39 - 2015-02-02 13:02 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-02 12:39 - 2015-02-02 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-02 12:39 - 2015-02-02 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-02 12:39 - 2015-02-02 13:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-02 12:39 - 2015-02-02 12:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-02 12:39 - 2015-02-02 12:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-02 12:39 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-02 12:39 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-02 12:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-02 12:37 - 2015-02-02 12:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\AGANDO\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-01 13:49 - 2015-02-01 13:49 - 00028327 _____ () C:\ComboFix.txt
2015-02-01 13:44 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-01 13:44 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-01 13:44 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-01 13:44 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-01 13:44 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-01 13:44 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-01 13:44 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-01 13:44 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-01 13:21 - 2015-02-01 13:49 - 00000000 ____D () C:\Qoobox
2015-02-01 13:20 - 2015-02-01 13:48 - 00000000 ____D () C:\Windows\erdnt
2015-02-01 13:18 - 2015-02-01 13:18 - 05611408 ____R (Swearware) C:\Users\AGANDO\Downloads\ComboFix.exe
2015-02-01 13:06 - 2015-02-01 13:06 - 00001264 _____ () C:\Users\AGANDO\Desktop\Revo Uninstaller.lnk
2015-02-01 13:06 - 2015-02-01 13:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-01 13:04 - 2015-02-01 13:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\AGANDO\Downloads\revosetup95.exe
2015-01-31 18:19 - 2015-01-31 18:19 - 00000000 ____D () C:\Users\AGANDO\Downloads\FRST-OlderVersion
2015-01-30 20:11 - 2015-01-30 20:12 - 00025137 _____ () C:\Users\AGANDO\Downloads\Addition.txt
2015-01-30 20:10 - 2015-02-03 17:16 - 00018724 _____ () C:\Users\AGANDO\Downloads\FRST.txt
2015-01-30 20:09 - 2015-02-03 17:16 - 00000000 ____D () C:\FRST
2015-01-30 20:09 - 2015-01-31 18:19 - 02130944 _____ (Farbar) C:\Users\AGANDO\Downloads\FRST64.exe
2015-01-28 09:18 - 2015-01-28 09:18 - 00000000 ____D () C:\Users\AGANDO\Desktop\Alte Firefox-Daten
2015-01-28 09:16 - 2015-01-28 09:16 - 00001697 _____ () C:\Users\AGANDO\Downloads\software_removal_tool.log
2015-01-28 09:13 - 2015-01-28 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 09:07 - 2015-01-28 09:07 - 02194432 _____ () C:\Users\AGANDO\Downloads\AdwCleaner_4.109(1).exe
2015-01-27 09:36 - 2015-02-02 13:40 - 00000000 ____D () C:\AdwCleaner
2015-01-27 09:36 - 2015-01-27 09:36 - 02194432 _____ () C:\Users\AGANDO\Downloads\adwcleaner_4.109.exe
2015-01-26 19:03 - 2015-01-26 19:03 - 00001532 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-01-26 19:03 - 2015-01-26 19:03 - 00001241 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-01-26 19:03 - 2015-01-26 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-26 19:03 - 2015-01-26 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-26 19:03 - 2015-01-26 19:03 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-01-26 19:03 - 2015-01-26 19:03 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-01-26 19:00 - 2015-01-28 20:21 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\DVDVideoSoft
2015-01-26 18:59 - 2015-01-26 18:59 - 03534792 _____ (DVDVideoSoft Ltd. ) C:\Users\AGANDO\Downloads\FreeYouTubeToMP3Converter.exe
2015-01-26 18:33 - 2015-02-02 13:28 - 00006548 _____ () C:\Windows\PFRO.log
2015-01-26 14:24 - 2015-01-26 14:24 - 00000000 ____D () C:\Program Files\Google
2015-01-26 14:23 - 2015-02-03 16:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 14:23 - 2015-02-03 15:39 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 14:23 - 2015-01-26 14:28 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-26 14:23 - 2015-01-26 14:28 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-26 14:23 - 2015-01-26 14:24 - 00000000 ____D () C:\ProgramData\Google
2015-01-26 14:23 - 2015-01-26 14:24 - 00000000 ____D () C:\ProgramData\Google
2015-01-26 14:23 - 2015-01-26 14:23 - 02243616 _____ (Google Inc.) C:\Users\AGANDO\Downloads\GoogleToolbarInstaller_en32_signed.exe
2015-01-26 12:32 - 2015-01-26 12:32 - 00000226 _____ () C:\Users\AGANDO\Desktop\Eric Clapton & Friends - Call Me The Breeze (Official Music Video) - YouTube.URL
2015-01-26 12:26 - 2015-01-26 12:26 - 00000226 _____ () C:\Users\AGANDO\Desktop\PENTATONIC SCALE PATTERNS LESSON #1 TUTORIAL - YouTube.URL
2015-01-26 11:35 - 2015-01-26 14:53 - 00116660 _____ () C:\Users\AGANDO\AppData\Local\sinder.txt
2015-01-26 11:35 - 2015-01-26 11:35 - 00000000 ____D () C:\Program Files (x86)\WiredTools
2015-01-26 11:35 - 2014-07-16 11:47 - 00004520 _____ () C:\Windows\SysWOW64\WiredTools.ini
2015-01-26 11:35 - 2014-07-16 11:47 - 00002352 _____ () C:\Windows\SysWOW64\WiredToolsOff.ini
2015-01-26 11:35 - 2014-07-04 22:53 - 00338992 _____ (WiredTools Ltd.) C:\Windows\system32\WiredTools64.dll
2015-01-26 11:35 - 2014-07-04 22:53 - 00296080 _____ (WiredTools Ltd.) C:\Windows\SysWOW64\WiredTools.dll
2015-01-26 11:34 - 2015-01-26 14:53 - 00124476 _____ () C:\Users\AGANDO\AppData\Local\viewer.txt
2015-01-26 11:30 - 2014-04-20 04:40 - 13108224 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\AGANDO\AppData\Local\QtWebKit4.dll
2015-01-26 11:30 - 2014-04-20 02:43 - 08587264 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\AGANDO\AppData\Local\QtGui4.dll
2015-01-26 11:30 - 2014-04-20 02:38 - 01053184 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\AGANDO\AppData\Local\QtNetwork4.dll
2015-01-26 10:29 - 2015-02-02 14:10 - 00002095 _____ () C:\Users\AGANDO\Downloads\mp3DirectCut.ini
2015-01-26 10:28 - 2015-01-26 10:28 - 00000716 _____ () C:\Users\AGANDO\Desktop\mp3DirectCut.lnk
2015-01-26 10:28 - 2015-01-26 10:28 - 00000000 ____D () C:\Users\AGANDO\Downloads\Languages
2015-01-26 10:28 - 2014-04-04 22:03 - 00004003 _____ () C:\Users\AGANDO\Downloads\Version.txt
2015-01-26 10:28 - 2014-04-04 20:42 - 00135200 _____ (Martin Pesch) C:\Users\AGANDO\Downloads\mp3DirectCut.exe
2015-01-26 10:28 - 2014-04-04 16:45 - 00029583 _____ () C:\Users\AGANDO\Downloads\Manual.htm
2015-01-26 10:28 - 2014-04-03 13:42 - 00001764 _____ () C:\Users\AGANDO\Downloads\License.txt
2015-01-26 10:28 - 2014-04-02 14:35 - 00016230 _____ () C:\Users\AGANDO\Downloads\FAQ.htm
2015-01-26 10:26 - 2015-01-26 10:26 - 00308709 _____ () C:\Users\AGANDO\Downloads\mp3DC220.exe
2015-01-26 10:18 - 2015-01-26 10:21 - 00000000 ____D () C:\ProgramData\iRinger
2015-01-26 10:18 - 2015-01-26 10:21 - 00000000 ____D () C:\ProgramData\iRinger
2015-01-26 10:18 - 2015-01-26 10:18 - 01191200 _____ () C:\Users\AGANDO\Downloads\iRinger - CHIP-Installer.exe
2015-01-26 09:59 - 2015-01-26 09:59 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-01-26 09:59 - 2015-01-26 09:59 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\Apple Computer
2015-01-26 09:59 - 2015-01-26 09:59 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-01-26 09:59 - 2015-01-26 09:59 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-01-26 09:58 - 2015-02-02 13:58 - 00002888 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_AGANDO
2015-01-26 09:58 - 2015-02-02 11:31 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-26 09:58 - 2015-02-02 11:31 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-26 09:58 - 2015-01-26 10:02 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-26 09:58 - 2015-01-26 09:59 - 00000000 ____D () C:\ProgramData\IObit
2015-01-26 09:58 - 2015-01-26 09:59 - 00000000 ____D () C:\ProgramData\IObit
2015-01-26 09:58 - 2015-01-26 09:58 - 00001252 _____ () C:\Users\AGANDO\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-01-26 09:58 - 2015-01-26 09:58 - 00001228 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-01-26 09:58 - 2015-01-26 09:58 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\ProductData
2015-01-26 09:58 - 2015-01-26 09:58 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\IObit
2015-01-26 09:58 - 2015-01-26 09:58 - 00000000 ____D () C:\Users\AGANDO\AppData\IObit
2015-01-26 09:56 - 2015-01-26 09:57 - 01191200 _____ () C:\Users\AGANDO\Downloads\IObit Uninstaller - CHIP-Installer.exe
2015-01-25 20:29 - 2015-01-25 20:30 - 00000049 ____H () C:\Users\AGANDO\Downloads\.picasa.ini
2015-01-24 11:16 - 2015-01-24 11:16 - 00000882 _____ () C:\Users\Public\Desktop\Metronome 4.0.lnk
2015-01-24 11:16 - 2015-01-24 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metronome
2015-01-24 11:16 - 2015-01-24 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metronome
2015-01-24 11:16 - 2015-01-24 11:16 - 00000000 ____D () C:\Program Files\Metronome 4.0
2015-01-24 11:11 - 2015-01-24 11:11 - 00000000 ____D () C:\Users\AGANDO\Documents\weirdmet
2015-01-24 09:48 - 2015-02-03 15:39 - 00006104 _____ () C:\Windows\setupact.log
2015-01-24 09:48 - 2015-01-24 09:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-23 14:23 - 2015-01-24 11:16 - 00000014 _____ () C:\Windows\mm.sys
2015-01-23 14:23 - 2015-01-23 14:23 - 00000030 ____H () C:\Windows\~mem001.sys
2015-01-23 14:23 - 2003-12-01 06:39 - 00024576 _____ () C:\Windows\Metronome 4.0 Uninstall.exe
2015-01-23 14:13 - 2015-01-23 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GCH Guitar academy
2015-01-23 14:13 - 2015-01-23 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GCH Guitar academy
2015-01-23 14:07 - 2015-01-23 14:10 - 10250969 _____ () C:\Users\AGANDO\Downloads\metronome.zip
2015-01-23 14:06 - 2015-01-23 14:06 - 01191200 _____ () C:\Users\AGANDO\Downloads\Metronome - CHIP-Installer.exe
2015-01-23 14:05 - 2015-01-23 14:05 - 00000000 ____D () C:\Users\AGANDO\AppData\Local\Temp5130868870d146a12d3c4c69ba9ca860
2015-01-23 14:02 - 2015-01-23 14:03 - 00000000 ____D () C:\Users\AGANDO\Downloads\Metronome-Plus
2015-01-23 14:01 - 2015-01-23 14:01 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\NVIDIA
2015-01-23 08:46 - 2015-01-23 08:46 - 03244390 _____ (Igor Pavlov) C:\Users\AGANDO\Downloads\kamera-widget(1).exe
2015-01-22 20:40 - 2015-01-22 20:40 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-01-22 20:40 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-01-22 20:40 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-01-22 20:40 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-01-22 20:40 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-01-22 20:40 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-01-22 20:40 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-01-22 20:40 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-01-22 20:40 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-01-22 20:40 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-01-22 20:40 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-01-22 20:40 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-01-22 20:40 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-01-22 20:40 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-01-22 20:40 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-01-22 20:40 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-01-22 20:40 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-01-22 20:40 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-01-22 20:40 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-01-22 20:40 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-01-22 20:40 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-01-22 20:40 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-01-22 20:40 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-01-22 20:36 - 2015-01-24 17:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2015-01-22 19:55 - 2015-01-22 19:55 - 00000000 __SHD () C:\Users\AGANDO\AppData\Local\EmieBrowserModeList
2015-01-22 19:54 - 2015-01-22 19:54 - 01191200 _____ () C:\Users\AGANDO\Downloads\Demo Flight Simulator X - CHIP-Installer.exe
2015-01-17 20:13 - 2015-01-17 20:13 - 04816704 _____ (Online Sheet Music, Inc. ) C:\Users\AGANDO\Downloads\OnlineSheetMusicViewer8.3.4.0.exe
2015-01-17 20:05 - 2015-01-17 20:05 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\Sibelius Software
2015-01-17 19:56 - 2015-01-17 19:56 - 00000000 ____D () C:\Program Files (x86)\Sibelius Software
2015-01-17 19:55 - 2015-01-17 19:56 - 17795912 _____ (Sibelius Software, a division of Avid Technology, Inc.) C:\Users\AGANDO\Downloads\InstallScorch.exe
2015-01-16 19:36 - 2015-01-16 19:36 - 03244390 _____ (Igor Pavlov) C:\Users\AGANDO\Downloads\kamera-widget.exe
2015-01-14 14:06 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 14:06 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 14:06 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 14:06 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 14:06 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 14:06 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 14:06 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 14:06 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 14:06 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 14:06 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 14:06 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 14:06 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 14:06 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 17:12 - 2014-06-08 18:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 16:47 - 2014-06-01 13:07 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\Skype
2015-02-03 15:47 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 15:47 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 15:45 - 2011-04-12 08:43 - 00699868 _____ () C:\Windows\system32\perfh007.dat
2015-02-03 15:45 - 2011-04-12 08:43 - 00149750 _____ () C:\Windows\system32\perfc007.dat
2015-02-03 15:45 - 2009-07-14 06:13 - 01622228 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 15:42 - 2014-09-21 12:11 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{598AE1E5-34A6-4C87-8505-B40D7A1B3F57}
2015-02-03 15:40 - 2014-12-19 13:17 - 00000000 ___RD () C:\Users\AGANDO\Dropbox
2015-02-03 15:40 - 2014-12-19 13:15 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\Dropbox
2015-02-03 15:39 - 2014-05-27 18:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-03 15:39 - 2014-05-27 18:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-03 15:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 15:36 - 2014-11-29 09:46 - 01165508 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 13:49 - 2014-06-03 08:22 - 00000000 ____D () C:\Users\Hoffmann
2015-02-01 13:49 - 2014-01-14 15:48 - 00000000 ____D () C:\Users\All Users.WINDOWS
2015-02-01 13:49 - 2014-01-14 15:47 - 00000000 ____D () C:\Users\Administrator.TEST-BD004CB97B
2015-02-01 13:48 - 2014-05-27 18:01 - 00000000 ____D () C:\Users\AGANDO
2015-02-01 13:48 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-30 11:34 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-30 09:48 - 2014-06-01 08:51 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\SoftGrid Client
2015-01-28 09:22 - 2014-05-31 09:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 09:18 - 2009-07-14 05:45 - 00298848 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-26 19:10 - 2014-05-27 18:14 - 00073776 _____ () C:\Users\AGANDO\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-26 19:09 - 2014-06-04 08:21 - 00000000 ____D () C:\Users\AGANDO\AppData\Roaming\Samsung
2015-01-26 19:09 - 2014-06-04 08:18 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-26 19:09 - 2014-06-04 08:18 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-26 19:09 - 2014-06-04 08:18 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-26 19:09 - 2014-05-27 18:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-26 19:06 - 2014-12-26 14:44 - 00000000 ____D () C:\ProgramData\tmp
2015-01-26 19:06 - 2014-12-26 14:44 - 00000000 ____D () C:\ProgramData\tmp
2015-01-26 19:06 - 2014-12-26 14:42 - 00000000 ____D () C:\Program Files\Pixum
2015-01-26 14:24 - 2014-05-31 09:45 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-26 12:09 - 2014-05-31 09:45 - 00000000 ____D () C:\Users\AGANDO\AppData\Local\Google
2015-01-26 10:29 - 2014-01-16 17:54 - 00000000 ____D () C:\Users\AGANDO\Documents\Exceldateien
2015-01-26 10:19 - 2014-06-08 18:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 10:19 - 2014-06-08 18:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 10:19 - 2014-06-08 18:08 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 17:55 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-24 17:55 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-24 11:04 - 2014-05-27 18:01 - 00000000 ____D () C:\Users\AGANDO\AppData\Local\VirtualStore
2015-01-21 13:13 - 2014-06-12 12:16 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 13:13 - 2014-06-12 12:16 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 13:13 - 2014-06-12 12:16 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 13:12 - 2014-08-11 08:24 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-21 13:12 - 2014-06-12 12:16 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-21 13:12 - 2014-06-12 12:16 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-21 13:12 - 2014-06-12 12:16 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-14 14:19 - 2014-06-10 12:53 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 14:16 - 2014-06-10 12:53 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-05 10:53 - 2014-10-09 12:01 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2015-01-05 10:52 - 2014-10-09 12:03 - 00000000 ____D () C:\Users\AGANDO\AppData\Local\.elfohilfe

==================== Files in the root of some directories =======

2014-08-21 11:13 - 2014-12-08 10:51 - 0007680 _____ () C:\Users\AGANDO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-26 11:30 - 2014-04-20 02:43 - 8587264 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\AGANDO\AppData\Local\QtGui4.dll
2015-01-26 11:30 - 2014-04-20 02:38 - 1053184 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\AGANDO\AppData\Local\QtNetwork4.dll
2015-01-26 11:30 - 2014-04-20 04:40 - 13108224 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\AGANDO\AppData\Local\QtWebKit4.dll
2015-01-26 11:35 - 2015-01-26 14:53 - 0116660 _____ () C:\Users\AGANDO\AppData\Local\sinder.txt
2015-01-26 11:34 - 2015-01-26 14:53 - 0124476 _____ () C:\Users\AGANDO\AppData\Local\viewer.txt

Some content of TEMP:
====================
C:\Users\AGANDO\AppData\Local\Temp\avgnt.exe
C:\Users\AGANDO\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptpd9c2.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-30 18:52

==================== End Of Log ============================
--- --- ---

Code:
Results of screen317's Security Check version 0.99.95 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 31 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Adobe Flash Player 16.0.0.296 
 Adobe Reader XI 
 Mozilla Firefox (Firefox,. Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
Ich probier nochmal den ESET (dauert ziemlich lang)
Gruß Duplo15

schrauber 03.02.2015 21:11
Lass ESET weg und mach das:

Lade Dir bitte von hier Emsisoft Emergency Kit Download Emsisoft Emergency Kit herunter.
  • Bitte installiere das Programm in den vorgegebenen Pfad.
  • Starte das Programm durch Doppelklick der Desktopverknüpfung.
  • Das EEK ist nach dem Laden der Malwaresignaturen für den Scan bereit.
  • Folge nun bitte der bebilderten Bildanleitung zu Emergency Kit, entferne alle Funde und poste am Ende des Scans bzw. der Bereinigung das Log.


Duplo15 04.02.2015 14:20
Hallo Schrauber
Habe den Emisoft durchlaufen lassen. Hier ist das Log:
Code:
Emsisoft Emergency Kit - Version 9.0
Letztes Update: 04.02.2015 13:41:53
Benutzerkonto: AGANDO-PC\AGANDO

Scan Einstellungen:

Scan Methode: Smart Scan
Objekte: Rootkits, Speicher, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\

PUPs-Erkennung: An
Archiv Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:        04.02.2015 13:43:00
Value: HKEY_USERS\S-1-5-21-4230170062-206650724-3253433267-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR        gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        gefunden: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-4230170062-206650724-3253433267-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        gefunden: Setting.DisableRegistryTools (A)

Gescannt        157834
Gefunden        3

Scan Ende:        04.02.2015 14:14:14
Scan Zeit:        0:31:14

Value: HKEY_USERS\S-1-5-21-4230170062-206650724-3253433267-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-4230170062-206650724-3253433267-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR        Quarantäne Setting.DisableTaskMgr (A)

Quarantäne        3
Gruß Duplo15


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:49 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19