Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Firefox öffnet viele Werbebanner (https://www.trojaner-board.de/166172-firefox-oeffnet-viele-werbebanner.html)

skymaker18 16.04.2015 17:23
Firefox öffnet viele Werbebanner
 
Ich besitze ein Acer W511 Tablet mit Windows 8.1. Hier habe ich am 08.04.15 ein Update des Firefox gemacht, allerdings nicht von der offizellen Seite, sondern von Chip.de. Dieses Update war wohl virenverseucht und seitdem erscheinen beim Aufruf von Internetseiten jede Menge Werbebanner und es werden im Hintergrund mehrere Webseiten aufgerufen u.a. Tr553.com,S232.metrics.net,ad.adsv7.com, etc. Bitte um Lösung wie ich das Problem lösen kann. Gruß Andreas

schrauber 16.04.2015 17:43
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


skymaker18 16.04.2015 18:16
#
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
Ran by Andreas (administrator) on TABLET on 16-04-2015 19:10:51
Running from C:\Users\Andreas\Downloads
Loaded Profiles: Andreas (Available profiles: Andreas & Nicole & Administrator)
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Cloud\CCDMonitorService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantDisplayService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
() C:\Program Files\Synology\Assistant\UsbClientService.exe
(RealVNC Ltd.) C:\Program Files\RealVNC\VNC4\winvnc4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Program Files\Atmel\HIDMonitor\HidMonitor.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Users\Andreas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(NTI Corporation) C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe
(T-Com) C:\Program Files\T-Home\Eumex 800 V1.30\ControlCenter.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [73216 2012-10-16] (Intel Corporation)
HKLM\...\Run: [Norton Online Backup] => C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe [2304192 2012-08-15] (Symantec Corporation)
HKLM\...\Run: [BCSSync] => D:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [150208 2014-01-18] (IvoSoft)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Andreas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Run: [DAEMON Tools Lite] => D:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Run: [GoogleChromeAutoLaunch_46A172103AF55F16E10754CCD32BD34E] => C:\Program Files\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [120832 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ControlCenter.lnk
ShortcutTarget: ControlCenter.lnk -> C:\Program Files\T-Home\Eumex 800 V1.30\ControlCenter.exe (T-Com)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3707818198-1158306646-3350299682-1001 -> URL hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN31333608712089811&UM=2&UP=SP97993911-785C-4393-A841-6C859136AE0D&SSPV=
SearchScopes: HKU\S-1-5-21-3707818198-1158306646-3350299682-1001 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3707818198-1158306646-3350299682-1001 -> {E1C55331-E312-4921-BDC8-B6CA412C6562} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
DPF: {960DC750-7447-4CDE-BF1C-FB33F9129654} https://192.168.178.25:5002/webman/3rdparty/SurveillanceStation/object/SSObject3.cab?6.0-2713
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.178.24/codebase/DVM_IPCam2.ocx
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{A72342F1-4DF7-4C19-8FFB-C0C5071581E4}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\q9e0slz6.default-1429198790779
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-06-22] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-22] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin: synology.com/SurveillanceHelper -> C:\Program Files\Synology\SurveillanceHelper\1.0.0.3\npSurveillanceHelper.dll [2013-11-11] (Synology)
FF Plugin: synology.com/SurveillancePlugin -> C:\Program Files\Synology\SurveillancePlugin\1.0.0.423\npSurveillancePlugin.dll [2014-08-04] (Synology)
FF Plugin HKU\S-1-5-21-3707818198-1158306646-3350299682-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Andreas\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\l5lcxr82.default-1400781181936\extensions\cliqz@cliqz.com
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-04-04] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\my.cfg [2015-04-04] <==== ATTENTION

Chrome:
=======
CHR DefaultSearchKeyword: Default -> trovi.search
CHR Profile: C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-12]
CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-12]
CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-12]
CHR Extension: (Google Search) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-04]
CHR Extension: (Google Wallet) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-27]
CHR Extension: (Gmail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [255904 2012-11-28] (AVM Berlin)
S3 BthHFSrv; C:\WINDOWS\System32\BthHFSrv.dll [250880 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [122272 2012-11-28] (AVM Berlin)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1843896 2015-02-10] (Microsoft Corporation)
R2 DptfParticipantDisplayService; C:\WINDOWS\system32\DptfParticipantDisplayService.exe [103424 2012-10-16] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [75776 2012-10-16] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [92672 2012-09-16] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [68608 2012-10-16] (Intel Corporation)
S2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [81920 2012-10-16] (Intel Corporation)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2952896 2012-08-15] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-10-31] (NTI Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [155488 2013-06-10] (AVM Berlin)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [103936 2014-10-29] (Microsoft Corporation)
R2 UsbClientService; C:\Program Files\Synology\Assistant\UsbClientService.exe [248736 2014-02-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284488 2015-02-04] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2014-10-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22200 2015-02-04] (Microsoft Corporation)
R2 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [439632 2008-10-15] (RealVNC Ltd.)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1269248 2014-10-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [105864 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [136216 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [37384 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
R3 BcmGnssBus; C:\WINDOWS\System32\drivers\BcmGnssBus.sys [77384 2012-11-19] (Broadcom Corporation)
R3 BcmNfcIc; C:\WINDOWS\System32\drivers\BcmNfcIc.sys [62744 2013-03-29] (Broadcom Corporation.)
R3 BCMSDH43XX; C:\WINDOWS\system32\DRIVERS\bcmdhd63.sys [833816 2012-10-02] (Broadcom)
R3 BthLEEnum; C:\WINDOWS\System32\drivers\BthLEEnum.sys [186880 2013-12-04] (Microsoft Corporation)
R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [23552 2014-10-29] (Microsoft Corporation)
S3 btwampfl; C:\WINDOWS\System32\drivers\btwampfl.sys [140152 2013-03-29] (Broadcom Corporation.)
R3 BtwSerialBus; C:\WINDOWS\System32\drivers\BtwSerialBus.sys [114968 2013-03-29] (Broadcom Corporation.)
R3 busenum; C:\WINDOWS\System32\drivers\busenum.sys [53728 2012-08-03] (Windows (R) Win 7 DDK provider)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [189440 2012-11-20] (Intel Corporation)
R1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARA\0401000.00E\ccSetx86.sys [134304 2012-05-26] (Symantec Corporation)
R0 ChaabiDriver; C:\WINDOWS\System32\drivers\ChaabiDriver.sys [72280 2012-11-19] (Intel Corporation)
R0 clvpep; C:\WINDOWS\System32\drivers\clvpep.sys [81648 2012-10-24] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [43816 2012-10-16] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\System32\drivers\DptfDevGen.sys [49448 2012-10-16] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\System32\drivers\DptfDevProc.sys [68904 2012-10-16] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\System32\drivers\DptfManager.sys [163112 2012-10-16] (Intel Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [243128 2014-05-13] (Disc Soft Ltd)
S3 FlashLed; C:\WINDOWS\System32\drivers\flashled.sys [27136 2012-09-18] (Intel Corporation)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R3 GPIOCLV; C:\WINDOWS\System32\drivers\GPIOCLV.sys [22016 2012-09-21] (Intel Corporation)
R3 igdperf32; C:\WINDOWS\system32\DRIVERS\igdperf32.sys [4096 2013-11-14] ()
S3 imx175; C:\WINDOWS\System32\drivers\imx175.sys [53248 2012-09-18] (Intel Corporation)
R0 inteli2c; C:\WINDOWS\System32\drivers\inteli2c.sys [48880 2012-11-08] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [236032 2012-11-23] (Intel(R) Corporation)
R0 Lm3554; C:\WINDOWS\System32\drivers\lm3554.sys [32768 2012-11-20] (Intel Corporation)
R0 LNWIPC; C:\WINDOWS\System32\drivers\LNWIPC.sys [25840 2012-09-21] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [16112 2012-08-22] (Intel Corporation)
R3 MSICReg; C:\WINDOWS\System32\drivers\MSICReg.sys [17408 2012-09-17] (Intel Corporation)
S3 mt9e013; C:\WINDOWS\System32\drivers\mt9e013.sys [49664 2012-09-18] (Intel Corporation)
R3 NWIM; C:\WINDOWS\system32\DRIVERS\avmnwim.sys [334712 2011-07-05] (AVM Berlin)
R3 ov2720; C:\WINDOWS\System32\drivers\ov2720.sys [35328 2012-11-20] (Intel Corporation)
R3 ov8830; C:\WINDOWS\System32\drivers\ov8830.sys [55808 2012-11-20] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [137800 2013-01-14] (Realtek Semiconductor Corp.)
R3 SensorsHIDClassDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
R3 spi; C:\WINDOWS\System32\drivers\spi.sys [46592 2012-09-17] (Intel Corporation)
S1 ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH)
S3 ssti2c; C:\WINDOWS\System32\drivers\ssti2c.sys [10240 2012-09-26] (Intel(R) Corporation)
R3 Uart16550pc; C:\WINDOWS\System32\drivers\Uart16550pc.sys [40960 2012-10-05] (Intel Corporation)
S1 vflt; C:\WINDOWS\system32\DRIVERS\vfilter.sys [18944 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\WINDOWS\system32\DRIVERS\virtualnet.sys [13824 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84800 2015-02-04] (Microsoft Corporation)
R3 wmbclass; C:\WINDOWS\System32\drivers\wmbclass.sys [224256 2013-11-01] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
R3 WUDFSensorLP; C:\WINDOWS\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 19:10 - 2015-04-16 19:11 - 00026313 _____ () C:\Users\Andreas\Downloads\FRST.txt
2015-04-16 19:10 - 2015-04-16 19:11 - 00000000 ____D () C:\FRST
2015-04-16 19:10 - 2015-04-16 19:10 - 01137152 _____ (Farbar) C:\Users\Andreas\Downloads\FRST.exe
2015-04-16 17:44 - 2015-04-16 17:44 - 02217984 _____ () C:\Users\Andreas\Downloads\adwcleaner_4.201.exe
2015-04-16 17:29 - 2015-04-16 17:29 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-04-14 20:22 - 2015-01-06 04:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-04-14 20:22 - 2015-01-06 04:17 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-04-14 20:22 - 2015-01-06 03:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-04-14 19:54 - 2015-03-23 23:45 - 05782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-14 19:54 - 2015-03-23 23:45 - 01468920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-14 19:54 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-14 19:54 - 2015-03-20 05:25 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-14 19:54 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-14 19:54 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-14 19:54 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-14 19:53 - 2015-03-23 00:44 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-14 19:53 - 2015-03-23 00:07 - 00896000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-14 19:53 - 2015-03-23 00:07 - 00859648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-14 19:53 - 2015-03-23 00:07 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-14 19:53 - 2015-03-23 00:07 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-14 19:53 - 2015-03-23 00:07 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-14 19:53 - 2015-03-23 00:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-14 19:53 - 2015-03-14 10:40 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-14 19:53 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-14 19:53 - 2015-03-14 03:14 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-14 19:53 - 2015-03-14 03:11 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-14 19:53 - 2015-03-14 02:59 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-14 19:53 - 2015-03-14 02:03 - 03040768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-14 19:53 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-14 19:53 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-14 19:53 - 2015-03-14 02:00 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-14 19:53 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-14 19:53 - 2015-03-14 01:59 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-14 19:53 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-14 19:53 - 2015-03-14 01:55 - 02309120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-14 19:53 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-14 19:53 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-14 19:53 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-14 19:53 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-14 19:53 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-14 19:53 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-14 19:53 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-14 19:53 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-14 19:53 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-14 19:53 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-14 19:53 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-14 19:53 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-14 19:53 - 2015-02-24 10:20 - 00738112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-14 19:52 - 2015-02-21 01:24 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-14 19:51 - 2015-03-04 12:05 - 00279360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-14 19:51 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-10 20:38 - 2015-04-10 20:38 - 00001880 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-04-10 20:38 - 2015-04-10 20:38 - 00000000 ____D () C:\Users\Default\AppData\Local\Garmin_Ltd._or_its_subsid
2015-04-10 20:38 - 2015-04-10 20:38 - 00000000 ____D () C:\Users\Default User\AppData\Local\Garmin_Ltd._or_its_subsid
2015-04-08 18:33 - 2015-04-16 17:58 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Skype
2015-04-08 18:33 - 2015-04-12 18:45 - 00000000 ___RD () C:\Program Files\Skype
2015-04-08 18:33 - 2015-04-08 18:33 - 00002703 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-08 18:33 - 2015-04-08 18:33 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Skype
2015-04-08 18:33 - 2015-04-08 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-08 18:33 - 2015-04-08 18:33 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-08 18:32 - 2015-04-12 18:45 - 00000000 ____D () C:\ProgramData\Skype
2015-04-08 18:31 - 2015-04-08 18:31 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-08 18:31 - 2015-04-08 18:31 - 00001125 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-08 18:31 - 2015-04-08 18:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-08 18:31 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-06 14:42 - 2015-04-06 14:42 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-06 13:35 - 2015-04-06 14:16 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-06 13:35 - 2015-04-06 13:35 - 00001080 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-06 13:35 - 2015-04-06 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-06 13:35 - 2015-04-06 13:35 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-06 13:35 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-06 13:35 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-06 13:35 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-05 14:18 - 2015-04-05 14:18 - 00001326 _____ () C:\Users\Andreas\Desktop\JRT.txt
2015-04-05 14:09 - 2015-04-05 14:09 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-TABLET-Windows-8.1-Pro-(32-bit).dat
2015-04-05 14:09 - 2015-04-05 14:09 - 00000000 ____D () C:\RegBackup
2015-04-05 14:03 - 2015-04-06 14:11 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-05 14:03 - 2015-04-05 14:03 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Andreas\Downloads\revosetup95.exe
2015-04-04 21:50 - 2015-04-04 21:50 - 00000000 ____D () C:\Program Files\AVG
2015-04-04 21:48 - 2015-04-04 21:48 - 04464656 _____ (AVG Technologies) C:\TRANSLATE
2015-04-04 21:47 - 2015-04-06 14:03 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-04 21:47 - 2015-04-04 21:47 - 00000000 ____D () C:\Users\Andreas\AppData\Local\MFAData
2015-04-04 21:45 - 2015-04-04 21:45 - 00684776 _____ (Reimage®) C:\Users\Andreas\Downloads\AntiToolbar03.exe
2015-04-04 21:45 - 2015-04-04 21:45 - 00684776 _____ (Reimage®) C:\Users\Andreas\Downloads\AntiToolbar03 (1).exe
2015-04-04 21:32 - 2015-04-04 21:32 - 02208768 _____ () C:\Users\Andreas\Downloads\adwcleaner_4.200.exe
2015-04-04 21:15 - 2015-04-16 17:51 - 00000000 ____D () C:\AdwCleaner
2015-04-04 20:56 - 2015-04-08 18:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-02 22:45 - 2015-04-16 17:52 - 00001010 _____ () C:\WINDOWS\Tasks\N6Iytlgw.job
2015-04-02 22:45 - 2015-04-16 17:52 - 00001008 _____ () C:\WINDOWS\Tasks\DXPAJlb.job
2015-04-01 17:06 - 2015-04-01 17:06 - 00243576 _____ () C:\Users\Andreas\Downloads\Firefox Setup Stub 37.0.exe
2015-03-31 10:14 - 2015-03-31 10:14 - 00005655 _____ () C:\Users\Andreas\AppData\Roaming\nxlLlvIkPexymBynvw
2015-03-31 10:14 - 2015-03-31 10:14 - 00005655 _____ () C:\Users\Andreas\AppData\Roaming\DXPAJlb
2015-03-31 10:14 - 2015-03-31 10:14 - 00004387 _____ () C:\Users\Andreas\AppData\Roaming\N6Iytlgw
2015-03-31 10:14 - 2015-03-31 10:14 - 00004387 _____ () C:\Users\Andreas\AppData\Roaming\dOP1CvgOyc7q

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 19:08 - 2014-05-21 22:30 - 01772986 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-16 19:08 - 2014-02-06 22:46 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\ClassicShell
2015-04-16 19:07 - 2013-12-25 11:11 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-16 19:02 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-16 17:58 - 2013-10-17 19:22 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-16 17:53 - 2013-10-17 19:37 - 00000000 ___DO () C:\Users\Andreas\SkyDrive
2015-04-16 17:52 - 2014-05-29 21:29 - 00023954 _____ () C:\WINDOWS\setupact.log
2015-04-16 17:52 - 2013-08-22 09:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-16 17:52 - 2013-08-22 08:13 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-16 17:52 - 2013-06-12 14:39 - 00001116 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-16 17:30 - 2015-02-05 17:56 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-16 17:29 - 2015-02-05 17:56 - 00000000 ____D () C:\Program Files\Java
2015-04-16 17:29 - 2014-01-03 17:49 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\gsak
2015-04-16 17:28 - 2015-02-05 17:57 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-04-16 17:26 - 2014-01-08 19:20 - 00000000 ____D () C:\Program Files\gsak
2015-04-16 17:19 - 2012-07-26 08:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-16 06:27 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-04-15 20:37 - 2014-02-13 21:09 - 00000000 ____D () C:\Users\Nicole\AppData\Roaming\ClassicShell
2015-04-15 05:39 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-14 23:03 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-14 23:02 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-14 22:01 - 2014-05-20 22:55 - 00000000 __RDO () C:\Users\Nicole\OneDrive
2015-04-14 21:03 - 2014-12-09 22:03 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-14 21:03 - 2014-07-08 19:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-14 21:03 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2015-04-14 20:24 - 2013-06-12 17:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-14 20:11 - 2013-07-19 03:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-14 19:57 - 2013-06-12 13:53 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 01:24 - 2014-08-12 22:31 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-14 01:24 - 2014-08-12 22:31 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-10 20:38 - 2014-04-26 13:13 - 00000000 ____D () C:\ProgramData\Garmin
2015-04-10 20:38 - 2014-04-26 13:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-10 20:38 - 2013-06-12 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-04-10 20:37 - 2013-06-12 15:02 - 00000000 ____D () C:\Program Files\Garmin
2015-04-10 20:33 - 2015-01-04 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-10 20:33 - 2015-01-04 20:38 - 00000000 ____D () C:\Program Files\Avira
2015-04-08 18:31 - 2013-06-12 14:40 - 00002221 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-08 15:40 - 2013-10-17 19:06 - 00000000 ____D () C:\Users\Andreas
2015-04-06 14:13 - 2014-05-21 23:14 - 00466588 _____ () C:\WINDOWS\PFRO.log
2015-04-06 14:09 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\Web
2015-04-06 14:03 - 2012-07-26 08:53 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-04-05 21:29 - 2015-02-01 23:35 - 00000000 ____D () C:\Users\Nicole\AppData\Roaming\Avira
2015-04-04 22:00 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-04 21:52 - 2013-06-12 15:24 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\TuneUp Software
2015-04-01 12:52 - 2015-01-04 20:49 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Avira
2015-04-01 12:50 - 2015-01-04 20:38 - 00000000 ____D () C:\ProgramData\Avira
2015-03-29 22:22 - 2013-10-17 19:06 - 00000000 ____D () C:\Users\Administrator
2015-03-29 20:29 - 2013-10-17 19:06 - 00000000 ____D () C:\Users\Nicole
2015-03-21 16:11 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories =======

2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\Andreas\AppData\Roaming\dOP1CvgOyc7q
2015-03-31 10:14 - 2015-03-31 10:14 - 0005655 _____ () C:\Users\Andreas\AppData\Roaming\DXPAJlb
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\Andreas\AppData\Roaming\N6Iytlgw
2015-03-31 10:14 - 2015-03-31 10:14 - 0005655 _____ () C:\Users\Andreas\AppData\Roaming\nxlLlvIkPexymBynvw
2014-10-01 22:20 - 2014-09-23 20:17 - 0000034 _____ () C:\Users\Andreas\AppData\Roaming\pdfdrawcodec.dll
2014-03-17 20:26 - 2014-05-21 19:27 - 0000039 _____ () C:\Users\Andreas\AppData\Roaming\WB.CFG
2014-03-08 22:30 - 2014-03-08 22:30 - 0000218 _____ () C:\Users\Andreas\AppData\Local\recently-used.xbel
2013-10-10 12:33 - 2013-10-10 12:33 - 0000036 ___SH () C:\ProgramData\Shrew Soft VPN.dat

Files to move or delete:
====================
C:\ProgramData\Shrew Soft VPN.dat


Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\AntiToolbarPackage.exe
C:\Users\Andreas\AppData\Local\Temp\avgnt.exe
C:\Users\Andreas\AppData\Local\Temp\AVG_AV_Setup.exe
C:\Users\Andreas\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Andreas\AppData\Local\Temp\Quarantine.exe
C:\Users\Andreas\AppData\Local\Temp\sqlite3.dll
C:\Users\Nicole\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 22:46

==================== End Of Log ============================
--- --- ---
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 04
Ran by Andreas at 2015-04-16 19:13:09
Running from C:\Users\Andreas\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.1.0069 - NTI Corporation)
Acer Recovery Management (HKLM\...\{D6B57AF2-2406-49E4-B219-EAA8B0B9F3CF}) (Version: 6.00.3015 - Acer Incorporated)
Acer System Information (HKLM\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
AcerCloud (HKLM\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3125 - Acer Incorporated)
AcerCloud Docs (HKLM\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Ahnenblatt 2.74 (HKLM\...\Ahnenblatt_is1) (Version: 2.74.0.1 - Dirk Boettcher)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Avira (HKLM\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
AVM FRITZ!Fernzugang (HKLM\...\{F2B03BB1-D679-4FFF-951D-3058A669A823}) (Version: 1.3.1 - AVM Berlin)
Backup Manager v4 (Version: 4.0.1.0069 - NTI Corporation) Hidden
Broadcom Location Sensor (HKLM\...\{8C3E72F2-7E87-4195-8415-AD113FEB696B}) (Version: 19.14.8401.4 - Broadcom Corporation)
calibre (HKLM\...\{092888A8-8F3B-4C31-8636-F9632030C971}) (Version: 2.5.0 - Kovid Goyal)
Canon MX310 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Classic Shell (HKLM\...\{13793E6A-6DBC-4112-81B7-7554DFC5D959}) (Version: 4.0.4 - IvoSoft)
clear.fi Media (HKLM\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3112 - Acer Incorporated)
clear.fi Photo (HKLM\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3109 - Acer Incorporated)
clear.fi SDK - Video 2 (Version: 2.1.2128 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (Version: 2.1.2112 - CyberLink Corp.) Hidden
Cliqz (HKLM\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Elevated Installer (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Eumex 800 V1.30 (HKLM\...\InstallShield_{FACE9D51-E374-4DDB-857C-816FCB1D6B40}) (Version: 1.30.0000 - T-Home)
Eumex 800 V1.30 (Version: 1.30.0000 - T-Home) Hidden
Firebird SQL Server - MAGIX Edition (HKLM\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FRITZ!Box-Fernzugang einrichten (HKLM\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GSAK 8.5.1.31 (HKLM\...\GSAK_is1) (Version:  - CWE computer services)
HIDmonitor (HKLM\...\{45D64170-C929-4A80-9897-6A5206600870}) (Version: 1.23 - ACER)
Identity Card (HKLM\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Image Converter (HKLM\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)
INSTAR Camera Tool (HKLM\...\{3B0795E8-95FE-43E9-B0C6-87E14BF340F6}) (Version: 1.3 - INSTAR)
INSTAR Camera Tool (HKLM\...\{630473B5-3AA9-4477-B6DD-F9EA5BEEDD42}) (Version: 2.0.1.0 - INSTAR)
InstarVision 1.3 (HKLM\...\InstarVision_is1) (Version: 1.3 - INSTAR)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LinuxLive USB Creator (HKLM\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Live Updater (HKLM\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Acer Incorporated)
MAGIX Foto Designer 7 (HKLM\...\MAGIX_{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}) (Version: 7.0.1.1 - MAGIX AG)
MAGIX Foto Designer 7 (Version: 7.0.1.1 - MAGIX AG) Hidden
MAGIX Foto Manager 12 (HKLM\...\MX.{54E26D9B-21F5-470E-988B-4CB0A3938CB2}) (Version: 10.0.0.271 - MAGIX AG)
MAGIX Foto Manager 12 (Version: 10.0.0.271 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.1 (x86 de) (HKLM\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Norton Online Backup (HKLM\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r - Symantec Corporation)
Norton Online Backup ARA (Version: 4.1.0.14 - Symantec Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office Addin (HKLM\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer)
Office Addin 2003 (HKLM\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3202 - Acer)
PDFBearbeiten V2.1 (HKLM\...\PDFBearbeiten_is1) (Version:  - hxxp://www.PDFBearbeiten.net)
RawTherapee Version 4.0.11 (HKLM\...\{128459AB-59A7-430A-8BD0-3D8803D50400}_is1) (Version: 4.0.11 - rawtherapee.com)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Spotify (HKLM\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
SurveillanceHelper (HKLM\...\{E8236305-76A1-4AE2-A35C-2498D6876912}) (Version: 1.0.0.3 - Synology)
SurveillancePlugin (HKLM\...\{B4637DBD-7E8E-46D4-BC9C-EC1C9F1DC561}) (Version: 1.0.0.423 - Synology)
Synology Assistant (remove only) (HKLM\...\Synology Assistant) (Version:  - )
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VNC Free Edition 4.1.3 (HKLM\...\RealVNC_is1) (Version: 4.1.3 - RealVNC Ltd.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Broadcom (bcmfn2) System  (08/30/2012 20.43.14.119) (HKLM\...\8ACEFA31AC73553F5EEFA5785AD8D4D0E850401F) (Version: 08/30/2012 20.43.14.119 - Broadcom)
Windows-Treiberpaket - Broadcom (BcmNfcIc) System  (11/20/2012 1.0.0.3900) (HKLM\...\F459CB4501C834872DA985412888B4BB6B41B4B0) (Version: 11/20/2012 1.0.0.3900 - Broadcom)
Windows-Treiberpaket - Broadcom (BCMSDH43XX) Net  (09/28/2012 5.93.97.76) (HKLM\...\1CFA0D541A51087D6800689D7476E5D7917C0496) (Version: 09/28/2012 5.93.97.76 - Broadcom)
Windows-Treiberpaket - Broadcom (BtwSerialBus) System  (10/30/2012 12.0.0.3323) (HKLM\...\3F272E3DF767649646788E1840B446238B2EFA9F) (Version: 10/30/2012 12.0.0.3323 - Broadcom)
Windows-Treiberpaket - Broadcom (WUDFRd) Proximity  (11/20/2012 1.0.0.3900) (HKLM\...\349970D3C7845512EED98B9726BCF407FDBB395B) (Version: 11/20/2012 1.0.0.3900 - Broadcom)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3707818198-1158306646-3350299682-1001_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3707818198-1158306646-3350299682-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points  =========================

06-04-2015 14:01:28 Removed AVG 2013
10-04-2015 20:36:06 Garmin Express
14-04-2015 19:55:56 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {010BE76C-4DB5-415A-B503-CC34C11AE760} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {05A4520E-A49D-4003-8B48-DE2D85FDF392} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {0C38EEDC-8F5D-4ABE-A1DE-06DDBADFA970} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\WINDOWS\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {0D842661-BAF8-4143-A3E0-382AFEC655D3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1279066A-CE37-4764-8912-615E526E6AC0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-12] (Google Inc.)
Task: {21BBB11E-02D3-473C-BC9A-B16C290FA93F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {23BF0FBB-86E6-413A-904F-BB70AEEF951C} - System32\Tasks\ALUAgent => C:\Program Files\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {2A891D64-2BA7-49E3-A600-325988F1A0AB} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\WINDOWS\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {2E9EA12D-FD65-448A-AB2D-CFB16512841C} - System32\Tasks\DXPAJlb => C:\Users\Andreas\AppData\Roaming\DXPAJlb.exe <==== ATTENTION
Task: {35BC581D-9ABA-470F-ABFB-DC91775B8B4B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {432B1F2E-B41E-4725-A0FE-4E475248929A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-12] (Google Inc.)
Task: {4AC39E46-3B93-42B4-BF47-5A7C2DE0F488} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\WINDOWS\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {5B6D9F93-8668-46E9-8BC2-5EA5993CD04F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for TABLET-Andreas Tablet => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {7687D3FC-2EB3-43B3-901E-17B0BEE5EA05} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\WINDOWS\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {8757291D-33F3-4BF1-9C13-B865D554ED90} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {945D0BE6-3940-438D-9649-FFCD36A88832} - System32\Tasks\HIDMonitor => C:\Program Files\Atmel\HIDMonitor\HidMonitor.exe [2012-10-10] ()
Task: {A134406C-2692-4686-BE3A-5706A830B47F} - System32\Tasks\ALU => C:\Program Files\Acer\Live Updater\updater.exe [2012-11-06] ()
Task: {A9DB8815-D353-43A6-88EC-066371484DC9} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {B9E510FE-5182-46B5-8CD1-25DBF2AF9DCA} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3707818198-1158306646-3350299682-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {C264ECBE-9895-4C94-A2D7-E927368CAA11} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {F1AEE664-B64E-49C4-97B5-E00F4562CF64} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-14] (Microsoft Corporation)
Task: {FBB90CE2-D309-497D-B0ED-E38453494A04} - System32\Tasks\N6Iytlgw => C:\Users\Andreas\AppData\Roaming\N6Iytlgw.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DXPAJlb.job => C:\Users\Andreas\AppData\Roaming\DXPAJlb.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\N6Iytlgw.job => C:\Users\Andreas\AppData\Roaming\N6Iytlgw.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2014-06-19 14:32 - 2014-05-20 03:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2012-10-31 00:17 - 2012-10-31 00:17 - 00465384 _____ () C:\Program Files\NTI\Acer Backup Manager\sqlite3.dll
2012-10-31 00:17 - 2012-10-31 00:17 - 00125504 _____ () C:\Program Files\NTI\Acer Backup Manager\MailConverter32.dll
2012-10-31 00:17 - 2012-10-31 00:17 - 00155712 _____ () C:\Program Files\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-10-31 00:17 - 2012-10-31 00:17 - 00118336 _____ () C:\Program Files\NTI\Acer Backup Manager\Online.dll
2012-10-31 00:16 - 2012-10-31 00:16 - 01081408 _____ () C:\Program Files\NTI\Acer Backup Manager\ACE.dll
2012-10-31 00:17 - 2012-10-31 00:17 - 00052288 _____ () C:\Program Files\NTI\Acer Backup Manager\OsSettingPort.dll
2012-10-31 00:17 - 2012-10-31 00:17 - 00727616 _____ () C:\Program Files\NTI\Acer Backup Manager\OutlookShadow.dll
2014-02-25 03:28 - 2014-02-25 03:28 - 00248736 _____ () C:\Program Files\Synology\Assistant\UsbClientService.exe
2012-10-10 21:53 - 2012-10-10 21:53 - 00805448 _____ () C:\Program Files\Atmel\HIDMonitor\HidMonitor.exe
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-05-22 20:50 - 2013-05-22 20:50 - 00400704 _____ () C:\Users\Andreas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2014-11-18 05:07 - 2014-11-18 05:07 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-04-14 20:07 - 2015-04-14 20:07 - 16863920 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Andreas\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Nicole\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Nicole\OneDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gpioclv.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\inteli2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lnwipc.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Andreas\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\bä26m-061012.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3707818198-1158306646-3350299682-500 - Administrator - Disabled) => C:\Users\Administrator
Andreas (S-1-5-21-3707818198-1158306646-3350299682-1001 - Administrator - Enabled) => C:\Users\Andreas
Gast (S-1-5-21-3707818198-1158306646-3350299682-501 - Limited - Disabled)
Nicole (S-1-5-21-3707818198-1158306646-3350299682-1004 - Limited - Enabled) => C:\Users\Nicole

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2015 07:06:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TABLET)
Description: Bei der Aktivierung der App „52756PaulHenke.Abfahrtsmonitor_z6fr3e9yarz1a!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/16/2015 06:52:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TABLET)
Description: Bei der Aktivierung der App „52756PaulHenke.Abfahrtsmonitor_z6fr3e9yarz1a!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/16/2015 06:37:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TABLET)
Description: Bei der Aktivierung der App „52756PaulHenke.Abfahrtsmonitor_z6fr3e9yarz1a!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/16/2015 06:22:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TABLET)
Description: Bei der Aktivierung der App „52756PaulHenke.Abfahrtsmonitor_z6fr3e9yarz1a!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/16/2015 06:07:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TABLET)
Description: Bei der Aktivierung der App „52756PaulHenke.Abfahrtsmonitor_z6fr3e9yarz1a!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/16/2015 05:53:47 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]

Error: (04/16/2015 05:52:39 PM) (Source: DptfPolicyConfigTDPService) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPServiceServiceMainThread:  NotifyServiceStatusRunning() failed.

Error: (04/16/2015 05:52:39 PM) (Source: DptfPolicyConfigTDPService) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPServiceNotifyServiceStatusRunning:  DeviceIoControl() failed.Last error = [0x00000001]

Error: (04/16/2015 05:51:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TABLET)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/16/2015 05:50:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TABLET)
Description: Bei der Aktivierung der App „52756PaulHenke.Abfahrtsmonitor_z6fr3e9yarz1a!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (04/16/2015 05:52:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (04/16/2015 05:51:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/16/2015 05:51:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/16/2015 05:51:44 PM) (Source: DCOM) (EventID: 10010) (User: TABLET)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (04/16/2015 05:51:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "UsbClientService" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 200 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/16/2015 05:51:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/16/2015 05:51:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "FABS - Helping agent for MAGIX media database" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/16/2015 05:51:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/16/2015 05:51:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/16/2015 05:51:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VNC Server Version 4" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (04/16/2015 07:06:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TABLET)
Description: 52756PaulHenke.Abfahrtsmonitor_z6fr3e9yarz1a!App-2144927148

Error: (04/16/2015 06:52:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TABLET)
Description: 52756PaulHenke.Abfahrtsmonitor_z6fr3e9yarz1a!App-2144927148

Error: (04/16/2015 06:37:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TABLET)
Description: 52756PaulHenke.Abfahrtsmonitor_z6fr3e9yarz1a!App-2144927148

Error: (04/16/2015 06:22:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TABLET)
Description: 52756PaulHenke.Abfahrtsmonitor_z6fr3e9yarz1a!App-2144927148

Error: (04/16/2015 06:07:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TABLET)
Description: 52756PaulHenke.Abfahrtsmonitor_z6fr3e9yarz1a!App-2144927148

Error: (04/16/2015 05:53:47 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]

Error: (04/16/2015 05:52:39 PM) (Source: DptfPolicyConfigTDPService) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPServiceServiceMainThread:  NotifyServiceStatusRunning() failed.

Error: (04/16/2015 05:52:39 PM) (Source: DptfPolicyConfigTDPService) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPServiceNotifyServiceStatusRunning:  DeviceIoControl() failed.Last error = [0x00000001]

Error: (04/16/2015 05:51:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TABLET)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (04/16/2015 05:50:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TABLET)
Description: 52756PaulHenke.Abfahrtsmonitor_z6fr3e9yarz1a!App-2144927148


CodeIntegrity Errors:
===================================
  Date: 2015-04-16 17:52:21.558
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-16 17:52:21.386
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-16 17:19:55.370
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-16 17:19:55.198
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-14 21:04:52.495
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-14 21:04:52.324
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-10 20:30:58.136
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-10 20:30:57.964
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-08 18:38:04.322
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-08 18:38:04.150
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU Z2760 @ 1.80GHz
Percentage of memory in use: 78%
Total physical RAM: 2007.43 MB
Available physical RAM: 434.79 MB
Total Pagefile: 2938.86 MB
Available Pagefile: 691.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1858.54 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:47.24 GB) (Free:6.89 GB) NTFS
Drive d: () (Removable) (Total:59.45 GB) (Free:55.46 GB) exFAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 58.2 GB) (Disk ID: C4917D82)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 59.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---

schrauber 17.04.2015 06:09
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

skymaker18 17.04.2015 19:17
Liste der Anhänge anzeigen (Anzahl: 2)
Guten abend lieber Schrauber,
im Anhang habe ich die gewünschten Dateien angefügt. Ich hoffe das hilft Dir weiter. Gruß Andreas

schrauber 18.04.2015 19:44
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307





ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

skymaker18 19.04.2015 06:15
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=800383093c1756479f1a89a0ce81e6d7
# engine=23450
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-18 10:50:32
# local_time=2015-04-19 12:50:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3388597 11915360 0 0
# scanned=212987
# found=53
# cleaned=53
# scan_time=12976
sh=4B56255AAD46767B3A6C96AA17B7924D5E0F75C5 ft=1 fh=86bbd9c315b4fbb0 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3707818198-1158306646-3350299682-1001\$RNG3I1Q.exe"
sh=90D8681C10A4AFCB1C587B5894FC52ACF98731FB ft=0 fh=0000000000000000 vn="Win32/SearchPlugin.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3707818198-1158306646-3350299682-1001\$R4HJBZZ\jnnkwbe8.default-1428174434918\searchplugins\Reimage Search.xml"
sh=C5AB873137D08AC1ADDF09273F3872FA2448C08A ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3707818198-1158306646-3350299682-1001\$RAT1HDC\d2fhspae.default\extensions\webbooster@iminent.com.xpi"
sh=382074AAC419517C309A2B36A7227E89CD9ECEC7 ft=1 fh=f6f5126377959a90 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3707818198-1158306646-3350299682-1001\$RAT1HDC\d2fhspae.default\extensions\ffxtlbr@iminent.com\uninstall.exe"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=C58417722C0B741EA8D55D06914E692180900885 ft=1 fh=f4976c33c2ff8570 vn="Win32/Toolbar.Conduit.V evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\entrusted\entrustedToolbarHelper.exe.vir"
sh=760FEFD40C6D57E025870D1751BB4866DB817A08 ft=1 fh=13ad7c67f4205b7d vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\entrusted\hk64tbentr.dll.vir"
sh=7B6415B3484E7520346D23B37E9EA34213A501F8 ft=1 fh=82794b7fc5095fc2 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\entrusted\hktbentr.dll.vir"
sh=C5DF0797E02AE31378A4AC52D52BBF94A4B358F7 ft=1 fh=9c654b812c04fa3d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\entrusted\ldrtbentr.dll.vir"
sh=ED94EBA402F6F7415A9ACFF41CD9CEF65011A296 ft=1 fh=0fefb0067dac2a55 vn="Win32/Toolbar.Conduit.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\entrusted\prxtbentr.dll.vir"
sh=6206C3DBAD446CC1CA2EB28160DB3ECDEC4AD5C9 ft=1 fh=e8940c9bac6f2233 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\entrusted\tbentr.dll.vir"
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Mozilla Firefox\browser\nsprotector.js.vir"
sh=605151B2EABB71AD5FA81E7513A43A0201AE8CAF ft=1 fh=48be24d62ce083a1 vn="Win32/AnyProtect.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\Local\AnyProtectScannerSetup.exe.vir"
sh=D86451022DDD8348105C1D52FBFD2ADB1E2DCC30 ft=1 fh=d3e706a6307522ba vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir"
sh=314F703F0F190BF70F0386509C10998D4E2BD10B ft=1 fh=2f9f46df1834d950 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir"
sh=D3CBDD7C6ED2C9D81DA4FCF9AF57CDD5D3711ED3 ft=1 fh=86dbe26399c3d0fa vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir"
sh=31CE21FE36C11E107A6E315EFE1875743809B4CC ft=1 fh=48abcfa6ce4a4014 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=ECAAC2B22C5DF388FA3847749C931AEF458384B8 ft=1 fh=2876dfec7d92aded vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\LocalLow\entrusted\hk64tbent0.dll.vir"
sh=068A54F966DB6AC14BCA0E39E2A99E3F0027304D ft=1 fh=39f7a16b0423d981 vn="Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\LocalLow\entrusted\hk64tbent2.dll.vir"
sh=760FEFD40C6D57E025870D1751BB4866DB817A08 ft=1 fh=13ad7c67f4205b7d vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\LocalLow\entrusted\hk64tbentr.dll.vir"
sh=C325F9A28C049D03E23060686A70B398531CDB05 ft=1 fh=742ed93f69aeb6e1 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\LocalLow\entrusted\hktbent0.dll.vir"
sh=CC6AF3A384A61C1C621BA5AB43583E82FF281530 ft=1 fh=bbbd034bf7d0bf76 vn="Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\LocalLow\entrusted\hktbent2.dll.vir"
sh=7B6415B3484E7520346D23B37E9EA34213A501F8 ft=1 fh=82794b7fc5095fc2 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\LocalLow\entrusted\hktbentr.dll.vir"
sh=EFB534D515903744B9755391A417051902C16DE2 ft=1 fh=e331f9a91891a78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\LocalLow\entrusted\ldrtbent0.dll.vir"
sh=9B3B44428CC80CC43F085AE514E7E16F7963EACC ft=1 fh=4c03fc1250fa29f9 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\LocalLow\entrusted\ldrtbent2.dll.vir"
sh=C5DF0797E02AE31378A4AC52D52BBF94A4B358F7 ft=1 fh=9c654b812c04fa3d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\LocalLow\entrusted\ldrtbentr.dll.vir"
sh=19C0679FA65F480C9A0BC5C43396D2ADEC8BCAF9 ft=1 fh=bca908a16a338e6a vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\LocalLow\entrusted\tbent0.dll.vir"
sh=81AF7CFB10091601ED1B82B92BDA2A254AA2B82F ft=1 fh=b76578e523b80dbc vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\LocalLow\entrusted\tbent1.dll.vir"
sh=33457E2F2405727124C107D6DEAF24C94E992463 ft=1 fh=e719e166edfd7994 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\LocalLow\entrusted\tbent2.dll.vir"
sh=6206C3DBAD446CC1CA2EB28160DB3ECDEC4AD5C9 ft=1 fh=e8940c9bac6f2233 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\LocalLow\entrusted\tbentr.dll.vir"
sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\LocalLow\entrusted\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir"
sh=9E77E1D2FD7B77B0FD8A71A70C35DD5A16836CF3 ft=1 fh=b241df9fafd25e77 vn="Win32/Systweak.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=10FEE8E5DAC8050ACD59DCB8E73BAB4E8C751253 ft=1 fh=0c867f66b0a21d5d vn="Win32/VOPackage.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\Roaming\VOPackage\runasu.exe.vir"
sh=F2BC31A58A7DA0E16A01EBA80303C48B6A003A62 ft=1 fh=6e62fbdded7656e0 vn="Win32/Adware.ConvertAd.AQ Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andreas\AppData\Roaming\VOPackage\Uninstall.exe.vir"
sh=760FEFD40C6D57E025870D1751BB4866DB817A08 ft=1 fh=13ad7c67f4205b7d vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Nicole\AppData\LocalLow\entrusted\hk64tbentr.dll.vir"
sh=7B6415B3484E7520346D23B37E9EA34213A501F8 ft=1 fh=82794b7fc5095fc2 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Nicole\AppData\LocalLow\entrusted\hktbentr.dll.vir"
sh=C5DF0797E02AE31378A4AC52D52BBF94A4B358F7 ft=1 fh=9c654b812c04fa3d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Nicole\AppData\LocalLow\entrusted\ldrtbentr.dll.vir"
sh=70E94C3740C0A11D19CB4D5D71D4B92F4C742571 ft=1 fh=9e7fba2aaf4b3dbf vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Nicole\AppData\LocalLow\entrusted\tbent1.dll.vir"
sh=6206C3DBAD446CC1CA2EB28160DB3ECDEC4AD5C9 ft=1 fh=e8940c9bac6f2233 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Nicole\AppData\LocalLow\entrusted\tbentr.dll.vir"
sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Nicole\AppData\LocalLow\entrusted\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir"
sh=16A0BA300EF372FDC870CFB1C5F1B7A2F4712F80 ft=1 fh=59e368ecab7ca4e6 vn="Variante von Win32/ReImageRepair.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Local\Microsoft\Windows\INetCache\IE\KB7105P7\AntiToolbarPackage1009a[1].exe"
sh=2EDA4CE367DF255BCF879163C9622941F086F0EA ft=1 fh=a15e77b2f2df4c30 vn="Win32/SearchPlugin.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Local\Microsoft\Windows\INetCache\IE\L0SK79A5\AntiToolbar[1].exe"
sh=16A0BA300EF372FDC870CFB1C5F1B7A2F4712F80 ft=1 fh=59e368ecab7ca4e6 vn="Variante von Win32/ReImageRepair.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Local\Temp\AntiToolbarPackage.exe"
sh=08131ADF7C15E801A902E72ADA9DBA8EF81AD101 ft=1 fh=0e19461b6ef503f8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Local\Temp\DMR\dmr_72.exe"
sh=65F1F0D076FEC3A794F84FE5CB355E525054128E ft=1 fh=c3ad2ea4cdaf915e vn="Variante von Win32/InstallCore.YX evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Local\Temp\is45637729\1372592_stp\icc.dll"
sh=3C82A2E3557E1D6D778247DFEF0966C6D8883947 ft=1 fh=003b51f20285a43e vn="Win32/Systweak.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Local\Temp\is45637729\1372896_stp\rcpsetup_adppi12_adppi12.exe"
sh=65F1F0D076FEC3A794F84FE5CB355E525054128E ft=1 fh=c3ad2ea4cdaf915e vn="Variante von Win32/InstallCore.YX evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Local\Temp\is45637729\2578022_stp\icc.dll"
sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Roaming\dOP1CvgOyc7q"
sh=55D78AC37CF3425F3EFD8ACC3255C2CC92D26277 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Roaming\DXPAJlb"
sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Roaming\N6Iytlgw"
sh=55D78AC37CF3425F3EFD8ACC3255C2CC92D26277 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\AppData\Roaming\nxlLlvIkPexymBynvw"
sh=16C8947926A98946746AC314B62A90C92DAD92FA ft=1 fh=1a17d913d6e553e7 vn="Win32/SearchPlugin.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\Downloads\AntiToolbar03 (1).exe"
sh=16C8947926A98946746AC314B62A90C92DAD92FA ft=1 fh=1a17d913d6e553e7 vn="Win32/SearchPlugin.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andreas\Downloads\AntiToolbar03.exe"

Results of screen317's Security Check version 1.00
x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 45
Java version 32-bit out of Date!
Adobe Flash Player 17.0.0.169
Adobe Reader XI
Mozilla Firefox (37.0.1)
Google Chrome (41.0.2272.118)
Google Chrome (42.0.2311.90)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
Symantec Norton Online Backup NOBuAgent.exe
Symantec Norton Online Backup NOBuClient.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-04-2015
Ran by Andreas (administrator) on TABLET on 19-04-2015 07:02:05
Running from C:\Users\Andreas\Downloads
Loaded Profiles: Andreas &  (Available profiles: Andreas & Nicole & Administrator)
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Cloud\CCDMonitorService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantDisplayService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\Atmel\HIDMonitor\HidMonitor.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
() C:\Program Files\Synology\Assistant\UsbClientService.exe
(RealVNC Ltd.) C:\Program Files\RealVNC\VNC4\winvnc4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Users\Andreas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(NTI Corporation) C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe
(T-Com) C:\Program Files\T-Home\Eumex 800 V1.30\ControlCenter.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Users\Andreas\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [73216 2012-10-16] (Intel Corporation)
HKLM\...\Run: [Norton Online Backup] => C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe [2304192 2012-08-15] (Symantec Corporation)
HKLM\...\Run: [BCSSync] => D:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [150208 2014-01-18] (IvoSoft)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Andreas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Run: [DAEMON Tools Lite] => D:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Run: [GoogleChromeAutoLaunch_46A172103AF55F16E10754CCD32BD34E] => C:\Program Files\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [120832 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Andreas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => D:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_46A172103AF55F16E10754CCD32BD34E] => C:\Program Files\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [120832 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-3707818198-1158306646-3350299682-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [514560 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ControlCenter.lnk
ShortcutTarget: ControlCenter.lnk -> C:\Program Files\T-Home\Eumex 800 V1.30\ControlCenter.exe (T-Com)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-3707818198-1158306646-3350299682-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKU\S-1-5-21-3707818198-1158306646-3350299682-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-3707818198-1158306646-3350299682-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-3707818198-1158306646-3350299682-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3707818198-1158306646-3350299682-1001 -> URL hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN31333608712089811&UM=2&UP=SP97993911-785C-4393-A841-6C859136AE0D&SSPV=
SearchScopes: HKU\S-1-5-21-3707818198-1158306646-3350299682-1001 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3707818198-1158306646-3350299682-1001 -> {E1C55331-E312-4921-BDC8-B6CA412C6562} URL =
SearchScopes: HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> URL hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN31333608712089811&UM=2&UP=SP97993911-785C-4393-A841-6C859136AE0D&SSPV=
SearchScopes: HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E1C55331-E312-4921-BDC8-B6CA412C6562} URL =
SearchScopes: HKU\S-1-5-21-3707818198-1158306646-3350299682-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {E1C55331-E312-4921-BDC8-B6CA412C6562} URL =
SearchScopes: HKU\S-1-5-21-3707818198-1158306646-3350299682-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E1C55331-E312-4921-BDC8-B6CA412C6562} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
DPF: {960DC750-7447-4CDE-BF1C-FB33F9129654} https://192.168.178.25:5002/webman/3rdparty/SurveillanceStation/object/SSObject3.cab?6.0-2713
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.178.24/codebase/DVM_IPCam2.ocx
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{A72342F1-4DF7-4C19-8FFB-C0C5071581E4}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\q9e0slz6.default-1429198790779
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-06-22] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-22] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin: synology.com/SurveillanceHelper -> C:\Program Files\Synology\SurveillanceHelper\1.0.0.3\npSurveillanceHelper.dll [2013-11-11] (Synology)
FF Plugin: synology.com/SurveillancePlugin -> C:\Program Files\Synology\SurveillancePlugin\1.0.0.423\npSurveillancePlugin.dll [2014-08-04] (Synology)
FF Plugin HKU\S-1-5-21-3707818198-1158306646-3350299682-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Andreas\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Andreas\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\l5lcxr82.default-1400781181936\extensions\cliqz@cliqz.com
FF HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\l5lcxr82.default-1400781181936\extensions\cliqz@cliqz.com

Chrome:
=======
CHR DefaultSearchKeyword: Default -> trovi.search
CHR Profile: C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-12]
CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-12]
CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-12]
CHR Extension: (Google Search) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-04]
CHR Extension: (Google Wallet) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-27]
CHR Extension: (Gmail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [255904 2012-11-28] (AVM Berlin)
S3 BthHFSrv; C:\WINDOWS\System32\BthHFSrv.dll [250880 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [122272 2012-11-28] (AVM Berlin)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1843896 2015-02-10] (Microsoft Corporation)
R2 DptfParticipantDisplayService; C:\WINDOWS\system32\DptfParticipantDisplayService.exe [103424 2012-10-16] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [75776 2012-10-16] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [92672 2012-09-16] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [68608 2012-10-16] (Intel Corporation)
S2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [81920 2012-10-16] (Intel Corporation)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2952896 2012-08-15] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-10-31] (NTI Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [155488 2013-06-10] (AVM Berlin)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [103936 2014-10-29] (Microsoft Corporation)
R2 UsbClientService; C:\Program Files\Synology\Assistant\UsbClientService.exe [248736 2014-02-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284488 2015-02-04] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2014-10-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22200 2015-02-04] (Microsoft Corporation)
R2 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [439632 2008-10-15] (RealVNC Ltd.)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1269248 2014-10-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [105864 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [136216 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [37384 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
R3 BcmGnssBus; C:\WINDOWS\System32\drivers\BcmGnssBus.sys [77384 2012-11-19] (Broadcom Corporation)
R3 BcmNfcIc; C:\WINDOWS\System32\drivers\BcmNfcIc.sys [62744 2013-03-29] (Broadcom Corporation.)
R3 BCMSDH43XX; C:\WINDOWS\system32\DRIVERS\bcmdhd63.sys [833816 2012-10-02] (Broadcom)
R3 BthLEEnum; C:\WINDOWS\System32\drivers\BthLEEnum.sys [186880 2013-12-04] (Microsoft Corporation)
R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [23552 2014-10-29] (Microsoft Corporation)
S3 btwampfl; C:\WINDOWS\System32\drivers\btwampfl.sys [140152 2013-03-29] (Broadcom Corporation.)
R3 BtwSerialBus; C:\WINDOWS\System32\drivers\BtwSerialBus.sys [114968 2013-03-29] (Broadcom Corporation.)
R3 busenum; C:\WINDOWS\System32\drivers\busenum.sys [53728 2012-08-03] (Windows (R) Win 7 DDK provider)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [189440 2012-11-20] (Intel Corporation)
R1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARA\0401000.00E\ccSetx86.sys [134304 2012-05-26] (Symantec Corporation)
R0 ChaabiDriver; C:\WINDOWS\System32\drivers\ChaabiDriver.sys [72280 2012-11-19] (Intel Corporation)
R0 clvpep; C:\WINDOWS\System32\drivers\clvpep.sys [81648 2012-10-24] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [43816 2012-10-16] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\System32\drivers\DptfDevGen.sys [49448 2012-10-16] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\System32\drivers\DptfDevProc.sys [68904 2012-10-16] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\System32\drivers\DptfManager.sys [163112 2012-10-16] (Intel Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [243128 2014-05-13] (Disc Soft Ltd)
S3 FlashLed; C:\WINDOWS\System32\drivers\flashled.sys [27136 2012-09-18] (Intel Corporation)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R3 GPIOCLV; C:\WINDOWS\System32\drivers\GPIOCLV.sys [22016 2012-09-21] (Intel Corporation)
R3 igdperf32; C:\WINDOWS\system32\DRIVERS\igdperf32.sys [4096 2013-11-14] ()
S3 imx175; C:\WINDOWS\System32\drivers\imx175.sys [53248 2012-09-18] (Intel Corporation)
R0 inteli2c; C:\WINDOWS\System32\drivers\inteli2c.sys [48880 2012-11-08] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [236032 2012-11-23] (Intel(R) Corporation)
R0 Lm3554; C:\WINDOWS\System32\drivers\lm3554.sys [32768 2012-11-20] (Intel Corporation)
R0 LNWIPC; C:\WINDOWS\System32\drivers\LNWIPC.sys [25840 2012-09-21] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [16112 2012-08-22] (Intel Corporation)
R3 MSICReg; C:\WINDOWS\System32\drivers\MSICReg.sys [17408 2012-09-17] (Intel Corporation)
S3 mt9e013; C:\WINDOWS\System32\drivers\mt9e013.sys [49664 2012-09-18] (Intel Corporation)
R3 NWIM; C:\WINDOWS\system32\DRIVERS\avmnwim.sys [334712 2011-07-05] (AVM Berlin)
R3 ov2720; C:\WINDOWS\System32\drivers\ov2720.sys [35328 2012-11-20] (Intel Corporation)
R3 ov8830; C:\WINDOWS\System32\drivers\ov8830.sys [55808 2012-11-20] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [137800 2013-01-14] (Realtek Semiconductor Corp.)
R3 SensorsHIDClassDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
R3 spi; C:\WINDOWS\System32\drivers\spi.sys [46592 2012-09-17] (Intel Corporation)
S1 ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH)
S3 ssti2c; C:\WINDOWS\System32\drivers\ssti2c.sys [10240 2012-09-26] (Intel(R) Corporation)
R3 Uart16550pc; C:\WINDOWS\System32\drivers\Uart16550pc.sys [40960 2012-10-05] (Intel Corporation)
S1 vflt; C:\WINDOWS\system32\DRIVERS\vfilter.sys [18944 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\WINDOWS\system32\DRIVERS\virtualnet.sys [13824 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84800 2015-02-04] (Microsoft Corporation)
R3 wmbclass; C:\WINDOWS\System32\drivers\wmbclass.sys [224256 2013-11-01] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
R3 WUDFSensorLP; C:\WINDOWS\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 07:01 - 2015-04-19 07:01 - 00000000 ____D () C:\Users\Andreas\Downloads\FRST-OlderVersion
2015-04-18 21:41 - 2015-04-18 21:41 - 00852616 _____ () C:\Users\Andreas\Desktop\SecurityCheck.exe
2015-04-18 21:10 - 2015-04-18 21:10 - 00000000 ____D () C:\Program Files\ESET
2015-04-18 21:09 - 2015-04-18 21:09 - 02347384 _____ (ESET) C:\Users\Andreas\Downloads\esetsmartinstaller_deu.exe
2015-04-17 20:12 - 2015-04-17 20:12 - 00041759 _____ () C:\Users\Andreas\Desktop\FRST170415.txt
2015-04-17 20:08 - 2015-04-17 20:08 - 00000867 _____ () C:\Users\Andreas\Desktop\JRT.txt
2015-04-17 20:02 - 2015-04-17 20:02 - 02686254 _____ (Thisisu) C:\Users\Andreas\Downloads\JRT.exe
2015-04-17 19:56 - 2015-04-17 19:56 - 00001291 _____ () C:\Users\Andreas\Desktop\AdwCleaner[S3].txt
2015-04-17 18:03 - 2015-04-17 18:03 - 02217984 _____ () C:\Users\Andreas\Downloads\AdwCleaner_4.201 (1).exe
2015-04-17 17:49 - 2015-04-17 17:50 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Andreas\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-16 19:13 - 2015-04-16 19:15 - 00035934 _____ () C:\Users\Andreas\Downloads\Addition.txt
2015-04-16 19:10 - 2015-04-19 07:02 - 00030762 _____ () C:\Users\Andreas\Downloads\FRST.txt
2015-04-16 19:10 - 2015-04-19 07:02 - 00000000 ____D () C:\FRST
2015-04-16 19:10 - 2015-04-19 07:01 - 01137664 _____ (Farbar) C:\Users\Andreas\Downloads\FRST.exe
2015-04-16 17:44 - 2015-04-16 17:44 - 02217984 _____ () C:\Users\Andreas\Downloads\adwcleaner_4.201.exe
2015-04-16 17:29 - 2015-04-16 17:29 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-04-14 20:22 - 2015-01-06 04:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-04-14 20:22 - 2015-01-06 04:17 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-04-14 20:22 - 2015-01-06 03:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-04-14 19:54 - 2015-03-23 23:45 - 05782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-14 19:54 - 2015-03-23 23:45 - 01468920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-14 19:54 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-14 19:54 - 2015-03-20 05:25 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-14 19:54 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-14 19:54 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-14 19:54 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-14 19:53 - 2015-03-23 00:44 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-14 19:53 - 2015-03-23 00:07 - 00896000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-14 19:53 - 2015-03-23 00:07 - 00859648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-14 19:53 - 2015-03-23 00:07 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-14 19:53 - 2015-03-23 00:07 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-14 19:53 - 2015-03-23 00:07 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-14 19:53 - 2015-03-23 00:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-14 19:53 - 2015-03-14 10:40 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-14 19:53 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-14 19:53 - 2015-03-14 03:14 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-14 19:53 - 2015-03-14 03:11 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-14 19:53 - 2015-03-14 02:59 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-14 19:53 - 2015-03-14 02:03 - 03040768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-14 19:53 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-14 19:53 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-14 19:53 - 2015-03-14 02:00 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-14 19:53 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-14 19:53 - 2015-03-14 01:59 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-14 19:53 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-14 19:53 - 2015-03-14 01:55 - 02309120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-14 19:53 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-14 19:53 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-14 19:53 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-14 19:53 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-14 19:53 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-14 19:53 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-14 19:53 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-14 19:53 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-14 19:53 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-14 19:53 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-14 19:53 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-14 19:53 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-14 19:53 - 2015-02-24 10:20 - 00738112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-14 19:52 - 2015-02-21 01:24 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-14 19:51 - 2015-03-04 12:05 - 00279360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-14 19:51 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-10 20:38 - 2015-04-10 20:38 - 00001880 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-04-10 20:38 - 2015-04-10 20:38 - 00000000 ____D () C:\Users\Default\AppData\Local\Garmin_Ltd._or_its_subsid
2015-04-10 20:38 - 2015-04-10 20:38 - 00000000 ____D () C:\Users\Default User\AppData\Local\Garmin_Ltd._or_its_subsid
2015-04-08 18:33 - 2015-04-18 21:08 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Skype
2015-04-08 18:33 - 2015-04-12 18:45 - 00000000 ___RD () C:\Program Files\Skype
2015-04-08 18:33 - 2015-04-08 18:33 - 00002703 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-08 18:33 - 2015-04-08 18:33 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Skype
2015-04-08 18:33 - 2015-04-08 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-08 18:33 - 2015-04-08 18:33 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-08 18:32 - 2015-04-12 18:45 - 00000000 ____D () C:\ProgramData\Skype
2015-04-08 18:31 - 2015-04-08 18:31 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-08 18:31 - 2015-04-08 18:31 - 00001125 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-08 18:31 - 2015-04-08 18:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-08 18:31 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-06 14:42 - 2015-04-06 14:42 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-06 13:35 - 2015-04-19 03:13 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-06 13:35 - 2015-04-17 17:51 - 00001080 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-06 13:35 - 2015-04-17 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-06 13:35 - 2015-04-17 17:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-06 13:35 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-06 13:35 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-06 13:35 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-05 14:09 - 2015-04-05 14:09 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-TABLET-Windows-8.1-Pro-(32-bit).dat
2015-04-05 14:09 - 2015-04-05 14:09 - 00000000 ____D () C:\RegBackup
2015-04-05 14:03 - 2015-04-06 14:11 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-05 14:03 - 2015-04-05 14:03 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Andreas\Downloads\revosetup95.exe
2015-04-04 21:50 - 2015-04-04 21:50 - 00000000 ____D () C:\Program Files\AVG
2015-04-04 21:48 - 2015-04-04 21:48 - 04464656 _____ (AVG Technologies) C:\TRANSLATE
2015-04-04 21:47 - 2015-04-06 14:03 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-04 21:47 - 2015-04-04 21:47 - 00000000 ____D () C:\Users\Andreas\AppData\Local\MFAData
2015-04-04 21:15 - 2015-04-17 19:46 - 00000000 ____D () C:\AdwCleaner
2015-04-04 20:56 - 2015-04-17 20:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-02 22:45 - 2015-04-18 22:45 - 00001010 _____ () C:\WINDOWS\Tasks\N6Iytlgw.job
2015-04-02 22:45 - 2015-04-18 22:45 - 00001008 _____ () C:\WINDOWS\Tasks\DXPAJlb.job
2015-04-01 17:06 - 2015-04-01 17:06 - 00243576 _____ () C:\Users\Andreas\Downloads\Firefox Setup Stub 37.0.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 07:02 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-19 06:53 - 2014-02-06 22:46 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\ClassicShell
2015-04-19 06:18 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-04-19 06:07 - 2013-12-25 11:11 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-19 04:09 - 2013-06-12 14:39 - 00001116 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-19 01:24 - 2014-05-21 22:30 - 01213946 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-18 23:42 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-18 21:10 - 2013-10-17 19:22 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-18 21:06 - 2013-10-17 19:37 - 00000000 ___DO () C:\Users\Andreas\SkyDrive
2015-04-18 21:03 - 2014-05-29 21:29 - 00024108 _____ () C:\WINDOWS\setupact.log
2015-04-18 21:03 - 2013-08-22 09:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-18 21:03 - 2013-08-22 08:13 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-17 02:17 - 2013-06-12 14:40 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-16 17:30 - 2015-02-05 17:56 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-16 17:29 - 2015-02-05 17:56 - 00000000 ____D () C:\Program Files\Java
2015-04-16 17:29 - 2014-01-03 17:49 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\gsak
2015-04-16 17:28 - 2015-02-05 17:57 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-04-16 17:26 - 2014-01-08 19:20 - 00000000 ____D () C:\Program Files\gsak
2015-04-16 17:19 - 2012-07-26 08:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-15 20:37 - 2014-02-13 21:09 - 00000000 ____D () C:\Users\Nicole\AppData\Roaming\ClassicShell
2015-04-14 23:03 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-14 23:02 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-14 22:01 - 2014-05-20 22:55 - 00000000 __RDO () C:\Users\Nicole\OneDrive
2015-04-14 21:03 - 2014-12-09 22:03 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-14 21:03 - 2014-07-08 19:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-14 21:03 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2015-04-14 20:24 - 2013-06-12 17:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-14 20:11 - 2013-07-19 03:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-14 19:57 - 2013-06-12 13:53 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 01:24 - 2014-08-12 22:31 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-14 01:24 - 2014-08-12 22:31 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-10 20:38 - 2014-04-26 13:13 - 00000000 ____D () C:\ProgramData\Garmin
2015-04-10 20:38 - 2014-04-26 13:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-10 20:38 - 2013-06-12 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-04-10 20:37 - 2013-06-12 15:02 - 00000000 ____D () C:\Program Files\Garmin
2015-04-10 20:33 - 2015-01-04 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-10 20:33 - 2015-01-04 20:38 - 00000000 ____D () C:\Program Files\Avira
2015-04-08 15:40 - 2013-10-17 19:06 - 00000000 ____D () C:\Users\Andreas
2015-04-06 14:13 - 2014-05-21 23:14 - 00466588 _____ () C:\WINDOWS\PFRO.log
2015-04-06 14:09 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\Web
2015-04-06 14:03 - 2012-07-26 08:53 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-04-05 21:29 - 2015-02-01 23:35 - 00000000 ____D () C:\Users\Nicole\AppData\Roaming\Avira
2015-04-04 22:00 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-04 21:52 - 2013-06-12 15:24 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\TuneUp Software
2015-04-01 12:52 - 2015-01-04 20:49 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Avira
2015-04-01 12:50 - 2015-01-04 20:38 - 00000000 ____D () C:\ProgramData\Avira
2015-03-29 22:22 - 2013-10-17 19:06 - 00000000 ____D () C:\Users\Administrator
2015-03-29 20:29 - 2013-10-17 19:06 - 00000000 ____D () C:\Users\Nicole
2015-03-21 16:11 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories =======

2014-10-01 22:20 - 2014-09-23 20:17 - 0000034 _____ () C:\Users\Andreas\AppData\Roaming\pdfdrawcodec.dll
2014-03-17 20:26 - 2014-05-21 19:27 - 0000039 _____ () C:\Users\Andreas\AppData\Roaming\WB.CFG
2014-03-08 22:30 - 2014-03-08 22:30 - 0000218 _____ () C:\Users\Andreas\AppData\Local\recently-used.xbel
2013-10-10 12:33 - 2013-10-10 12:33 - 0000036 ___SH () C:\ProgramData\Shrew Soft VPN.dat

Files to move or delete:
====================
C:\ProgramData\Shrew Soft VPN.dat


Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\avgnt.exe
C:\Users\Andreas\AppData\Local\Temp\AVG_AV_Setup.exe
C:\Users\Andreas\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Andreas\AppData\Local\Temp\Quarantine.exe
C:\Users\Andreas\AppData\Local\Temp\sqlite3.dll
C:\Users\Nicole\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-19 00:52

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-04-2015
Ran by Andreas (administrator) on TABLET on 19-04-2015 07:02:05
Running from C:\Users\Andreas\Downloads
Loaded Profiles: Andreas &  (Available profiles: Andreas & Nicole & Administrator)
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Cloud\CCDMonitorService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantDisplayService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\Atmel\HIDMonitor\HidMonitor.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
() C:\Program Files\Synology\Assistant\UsbClientService.exe
(RealVNC Ltd.) C:\Program Files\RealVNC\VNC4\winvnc4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Users\Andreas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(NTI Corporation) C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe
(T-Com) C:\Program Files\T-Home\Eumex 800 V1.30\ControlCenter.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Users\Andreas\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [73216 2012-10-16] (Intel Corporation)
HKLM\...\Run: [Norton Online Backup] => C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe [2304192 2012-08-15] (Symantec Corporation)
HKLM\...\Run: [BCSSync] => D:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [150208 2014-01-18] (IvoSoft)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Andreas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Run: [DAEMON Tools Lite] => D:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Run: [GoogleChromeAutoLaunch_46A172103AF55F16E10754CCD32BD34E] => C:\Program Files\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [120832 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Andreas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => D:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_46A172103AF55F16E10754CCD32BD34E] => C:\Program Files\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [120832 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-3707818198-1158306646-3350299682-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [514560 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ControlCenter.lnk
ShortcutTarget: ControlCenter.lnk -> C:\Program Files\T-Home\Eumex 800 V1.30\ControlCenter.exe (T-Com)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-3707818198-1158306646-3350299682-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKU\S-1-5-21-3707818198-1158306646-3350299682-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-3707818198-1158306646-3350299682-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-3707818198-1158306646-3350299682-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3707818198-1158306646-3350299682-1001 -> URL hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN31333608712089811&UM=2&UP=SP97993911-785C-4393-A841-6C859136AE0D&SSPV=
SearchScopes: HKU\S-1-5-21-3707818198-1158306646-3350299682-1001 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3707818198-1158306646-3350299682-1001 -> {E1C55331-E312-4921-BDC8-B6CA412C6562} URL =
SearchScopes: HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> URL hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN31333608712089811&UM=2&UP=SP97993911-785C-4393-A841-6C859136AE0D&SSPV=
SearchScopes: HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E1C55331-E312-4921-BDC8-B6CA412C6562} URL =
SearchScopes: HKU\S-1-5-21-3707818198-1158306646-3350299682-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {E1C55331-E312-4921-BDC8-B6CA412C6562} URL =
SearchScopes: HKU\S-1-5-21-3707818198-1158306646-3350299682-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E1C55331-E312-4921-BDC8-B6CA412C6562} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
DPF: {960DC750-7447-4CDE-BF1C-FB33F9129654} https://192.168.178.25:5002/webman/3rdparty/SurveillanceStation/object/SSObject3.cab?6.0-2713
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.178.24/codebase/DVM_IPCam2.ocx
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{A72342F1-4DF7-4C19-8FFB-C0C5071581E4}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\q9e0slz6.default-1429198790779
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-06-22] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-22] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin: synology.com/SurveillanceHelper -> C:\Program Files\Synology\SurveillanceHelper\1.0.0.3\npSurveillanceHelper.dll [2013-11-11] (Synology)
FF Plugin: synology.com/SurveillancePlugin -> C:\Program Files\Synology\SurveillancePlugin\1.0.0.423\npSurveillancePlugin.dll [2014-08-04] (Synology)
FF Plugin HKU\S-1-5-21-3707818198-1158306646-3350299682-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Andreas\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Andreas\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\l5lcxr82.default-1400781181936\extensions\cliqz@cliqz.com
FF HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\l5lcxr82.default-1400781181936\extensions\cliqz@cliqz.com

Chrome:
=======
CHR DefaultSearchKeyword: Default -> trovi.search
CHR Profile: C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-12]
CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-12]
CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-12]
CHR Extension: (Google Search) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-04]
CHR Extension: (Google Wallet) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-27]
CHR Extension: (Gmail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [255904 2012-11-28] (AVM Berlin)
S3 BthHFSrv; C:\WINDOWS\System32\BthHFSrv.dll [250880 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [122272 2012-11-28] (AVM Berlin)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1843896 2015-02-10] (Microsoft Corporation)
R2 DptfParticipantDisplayService; C:\WINDOWS\system32\DptfParticipantDisplayService.exe [103424 2012-10-16] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [75776 2012-10-16] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [92672 2012-09-16] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [68608 2012-10-16] (Intel Corporation)
S2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [81920 2012-10-16] (Intel Corporation)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2952896 2012-08-15] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-10-31] (NTI Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [155488 2013-06-10] (AVM Berlin)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [103936 2014-10-29] (Microsoft Corporation)
R2 UsbClientService; C:\Program Files\Synology\Assistant\UsbClientService.exe [248736 2014-02-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284488 2015-02-04] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2014-10-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22200 2015-02-04] (Microsoft Corporation)
R2 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [439632 2008-10-15] (RealVNC Ltd.)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1269248 2014-10-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [105864 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [136216 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [37384 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
R3 BcmGnssBus; C:\WINDOWS\System32\drivers\BcmGnssBus.sys [77384 2012-11-19] (Broadcom Corporation)
R3 BcmNfcIc; C:\WINDOWS\System32\drivers\BcmNfcIc.sys [62744 2013-03-29] (Broadcom Corporation.)
R3 BCMSDH43XX; C:\WINDOWS\system32\DRIVERS\bcmdhd63.sys [833816 2012-10-02] (Broadcom)
R3 BthLEEnum; C:\WINDOWS\System32\drivers\BthLEEnum.sys [186880 2013-12-04] (Microsoft Corporation)
R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [23552 2014-10-29] (Microsoft Corporation)
S3 btwampfl; C:\WINDOWS\System32\drivers\btwampfl.sys [140152 2013-03-29] (Broadcom Corporation.)
R3 BtwSerialBus; C:\WINDOWS\System32\drivers\BtwSerialBus.sys [114968 2013-03-29] (Broadcom Corporation.)
R3 busenum; C:\WINDOWS\System32\drivers\busenum.sys [53728 2012-08-03] (Windows (R) Win 7 DDK provider)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [189440 2012-11-20] (Intel Corporation)
R1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARA\0401000.00E\ccSetx86.sys [134304 2012-05-26] (Symantec Corporation)
R0 ChaabiDriver; C:\WINDOWS\System32\drivers\ChaabiDriver.sys [72280 2012-11-19] (Intel Corporation)
R0 clvpep; C:\WINDOWS\System32\drivers\clvpep.sys [81648 2012-10-24] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [43816 2012-10-16] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\System32\drivers\DptfDevGen.sys [49448 2012-10-16] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\System32\drivers\DptfDevProc.sys [68904 2012-10-16] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\System32\drivers\DptfManager.sys [163112 2012-10-16] (Intel Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [243128 2014-05-13] (Disc Soft Ltd)
S3 FlashLed; C:\WINDOWS\System32\drivers\flashled.sys [27136 2012-09-18] (Intel Corporation)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R3 GPIOCLV; C:\WINDOWS\System32\drivers\GPIOCLV.sys [22016 2012-09-21] (Intel Corporation)
R3 igdperf32; C:\WINDOWS\system32\DRIVERS\igdperf32.sys [4096 2013-11-14] ()
S3 imx175; C:\WINDOWS\System32\drivers\imx175.sys [53248 2012-09-18] (Intel Corporation)
R0 inteli2c; C:\WINDOWS\System32\drivers\inteli2c.sys [48880 2012-11-08] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [236032 2012-11-23] (Intel(R) Corporation)
R0 Lm3554; C:\WINDOWS\System32\drivers\lm3554.sys [32768 2012-11-20] (Intel Corporation)
R0 LNWIPC; C:\WINDOWS\System32\drivers\LNWIPC.sys [25840 2012-09-21] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [16112 2012-08-22] (Intel Corporation)
R3 MSICReg; C:\WINDOWS\System32\drivers\MSICReg.sys [17408 2012-09-17] (Intel Corporation)
S3 mt9e013; C:\WINDOWS\System32\drivers\mt9e013.sys [49664 2012-09-18] (Intel Corporation)
R3 NWIM; C:\WINDOWS\system32\DRIVERS\avmnwim.sys [334712 2011-07-05] (AVM Berlin)
R3 ov2720; C:\WINDOWS\System32\drivers\ov2720.sys [35328 2012-11-20] (Intel Corporation)
R3 ov8830; C:\WINDOWS\System32\drivers\ov8830.sys [55808 2012-11-20] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [137800 2013-01-14] (Realtek Semiconductor Corp.)
R3 SensorsHIDClassDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
R3 spi; C:\WINDOWS\System32\drivers\spi.sys [46592 2012-09-17] (Intel Corporation)
S1 ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH)
S3 ssti2c; C:\WINDOWS\System32\drivers\ssti2c.sys [10240 2012-09-26] (Intel(R) Corporation)
R3 Uart16550pc; C:\WINDOWS\System32\drivers\Uart16550pc.sys [40960 2012-10-05] (Intel Corporation)
S1 vflt; C:\WINDOWS\system32\DRIVERS\vfilter.sys [18944 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\WINDOWS\system32\DRIVERS\virtualnet.sys [13824 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84800 2015-02-04] (Microsoft Corporation)
R3 wmbclass; C:\WINDOWS\System32\drivers\wmbclass.sys [224256 2013-11-01] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
R3 WUDFSensorLP; C:\WINDOWS\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 07:01 - 2015-04-19 07:01 - 00000000 ____D () C:\Users\Andreas\Downloads\FRST-OlderVersion
2015-04-18 21:41 - 2015-04-18 21:41 - 00852616 _____ () C:\Users\Andreas\Desktop\SecurityCheck.exe
2015-04-18 21:10 - 2015-04-18 21:10 - 00000000 ____D () C:\Program Files\ESET
2015-04-18 21:09 - 2015-04-18 21:09 - 02347384 _____ (ESET) C:\Users\Andreas\Downloads\esetsmartinstaller_deu.exe
2015-04-17 20:12 - 2015-04-17 20:12 - 00041759 _____ () C:\Users\Andreas\Desktop\FRST170415.txt
2015-04-17 20:08 - 2015-04-17 20:08 - 00000867 _____ () C:\Users\Andreas\Desktop\JRT.txt
2015-04-17 20:02 - 2015-04-17 20:02 - 02686254 _____ (Thisisu) C:\Users\Andreas\Downloads\JRT.exe
2015-04-17 19:56 - 2015-04-17 19:56 - 00001291 _____ () C:\Users\Andreas\Desktop\AdwCleaner[S3].txt
2015-04-17 18:03 - 2015-04-17 18:03 - 02217984 _____ () C:\Users\Andreas\Downloads\AdwCleaner_4.201 (1).exe
2015-04-17 17:49 - 2015-04-17 17:50 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Andreas\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-16 19:13 - 2015-04-16 19:15 - 00035934 _____ () C:\Users\Andreas\Downloads\Addition.txt
2015-04-16 19:10 - 2015-04-19 07:02 - 00030762 _____ () C:\Users\Andreas\Downloads\FRST.txt
2015-04-16 19:10 - 2015-04-19 07:02 - 00000000 ____D () C:\FRST
2015-04-16 19:10 - 2015-04-19 07:01 - 01137664 _____ (Farbar) C:\Users\Andreas\Downloads\FRST.exe
2015-04-16 17:44 - 2015-04-16 17:44 - 02217984 _____ () C:\Users\Andreas\Downloads\adwcleaner_4.201.exe
2015-04-16 17:29 - 2015-04-16 17:29 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-04-14 20:22 - 2015-01-06 04:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-04-14 20:22 - 2015-01-06 04:17 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-04-14 20:22 - 2015-01-06 03:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-04-14 19:54 - 2015-03-23 23:45 - 05782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-14 19:54 - 2015-03-23 23:45 - 01468920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-14 19:54 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-14 19:54 - 2015-03-20 05:25 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-14 19:54 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-14 19:54 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-14 19:54 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-14 19:53 - 2015-03-23 00:44 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-14 19:53 - 2015-03-23 00:07 - 00896000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-14 19:53 - 2015-03-23 00:07 - 00859648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-14 19:53 - 2015-03-23 00:07 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-14 19:53 - 2015-03-23 00:07 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-14 19:53 - 2015-03-23 00:07 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-14 19:53 - 2015-03-23 00:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-14 19:53 - 2015-03-14 10:40 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-14 19:53 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-14 19:53 - 2015-03-14 03:14 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-14 19:53 - 2015-03-14 03:11 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-14 19:53 - 2015-03-14 02:59 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-14 19:53 - 2015-03-14 02:03 - 03040768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-14 19:53 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-14 19:53 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-14 19:53 - 2015-03-14 02:00 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-14 19:53 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-14 19:53 - 2015-03-14 01:59 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-14 19:53 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-14 19:53 - 2015-03-14 01:55 - 02309120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-14 19:53 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-14 19:53 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-14 19:53 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-14 19:53 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-14 19:53 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-14 19:53 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-14 19:53 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-14 19:53 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-14 19:53 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-14 19:53 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-14 19:53 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-14 19:53 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-14 19:53 - 2015-02-24 10:20 - 00738112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-14 19:52 - 2015-02-21 01:24 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-14 19:51 - 2015-03-04 12:05 - 00279360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-14 19:51 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-10 20:38 - 2015-04-10 20:38 - 00001880 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-04-10 20:38 - 2015-04-10 20:38 - 00000000 ____D () C:\Users\Default\AppData\Local\Garmin_Ltd._or_its_subsid
2015-04-10 20:38 - 2015-04-10 20:38 - 00000000 ____D () C:\Users\Default User\AppData\Local\Garmin_Ltd._or_its_subsid
2015-04-08 18:33 - 2015-04-18 21:08 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Skype
2015-04-08 18:33 - 2015-04-12 18:45 - 00000000 ___RD () C:\Program Files\Skype
2015-04-08 18:33 - 2015-04-08 18:33 - 00002703 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-08 18:33 - 2015-04-08 18:33 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Skype
2015-04-08 18:33 - 2015-04-08 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-08 18:33 - 2015-04-08 18:33 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-08 18:32 - 2015-04-12 18:45 - 00000000 ____D () C:\ProgramData\Skype
2015-04-08 18:31 - 2015-04-08 18:31 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-08 18:31 - 2015-04-08 18:31 - 00001125 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-08 18:31 - 2015-04-08 18:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-08 18:31 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-06 14:42 - 2015-04-06 14:42 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-06 13:35 - 2015-04-19 03:13 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-06 13:35 - 2015-04-17 17:51 - 00001080 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-06 13:35 - 2015-04-17 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-06 13:35 - 2015-04-17 17:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-06 13:35 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-06 13:35 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-06 13:35 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-05 14:09 - 2015-04-05 14:09 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-TABLET-Windows-8.1-Pro-(32-bit).dat
2015-04-05 14:09 - 2015-04-05 14:09 - 00000000 ____D () C:\RegBackup
2015-04-05 14:03 - 2015-04-06 14:11 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-05 14:03 - 2015-04-05 14:03 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Andreas\Downloads\revosetup95.exe
2015-04-04 21:50 - 2015-04-04 21:50 - 00000000 ____D () C:\Program Files\AVG
2015-04-04 21:48 - 2015-04-04 21:48 - 04464656 _____ (AVG Technologies) C:\TRANSLATE
2015-04-04 21:47 - 2015-04-06 14:03 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-04 21:47 - 2015-04-04 21:47 - 00000000 ____D () C:\Users\Andreas\AppData\Local\MFAData
2015-04-04 21:15 - 2015-04-17 19:46 - 00000000 ____D () C:\AdwCleaner
2015-04-04 20:56 - 2015-04-17 20:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-02 22:45 - 2015-04-18 22:45 - 00001010 _____ () C:\WINDOWS\Tasks\N6Iytlgw.job
2015-04-02 22:45 - 2015-04-18 22:45 - 00001008 _____ () C:\WINDOWS\Tasks\DXPAJlb.job
2015-04-01 17:06 - 2015-04-01 17:06 - 00243576 _____ () C:\Users\Andreas\Downloads\Firefox Setup Stub 37.0.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 07:02 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-19 06:53 - 2014-02-06 22:46 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\ClassicShell
2015-04-19 06:18 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-04-19 06:07 - 2013-12-25 11:11 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-19 04:09 - 2013-06-12 14:39 - 00001116 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-19 01:24 - 2014-05-21 22:30 - 01213946 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-18 23:42 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-18 21:10 - 2013-10-17 19:22 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-18 21:06 - 2013-10-17 19:37 - 00000000 ___DO () C:\Users\Andreas\SkyDrive
2015-04-18 21:03 - 2014-05-29 21:29 - 00024108 _____ () C:\WINDOWS\setupact.log
2015-04-18 21:03 - 2013-08-22 09:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-18 21:03 - 2013-08-22 08:13 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-17 02:17 - 2013-06-12 14:40 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-16 17:30 - 2015-02-05 17:56 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-16 17:29 - 2015-02-05 17:56 - 00000000 ____D () C:\Program Files\Java
2015-04-16 17:29 - 2014-01-03 17:49 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\gsak
2015-04-16 17:28 - 2015-02-05 17:57 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-04-16 17:26 - 2014-01-08 19:20 - 00000000 ____D () C:\Program Files\gsak
2015-04-16 17:19 - 2012-07-26 08:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-15 20:37 - 2014-02-13 21:09 - 00000000 ____D () C:\Users\Nicole\AppData\Roaming\ClassicShell
2015-04-14 23:03 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-14 23:02 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-14 22:01 - 2014-05-20 22:55 - 00000000 __RDO () C:\Users\Nicole\OneDrive
2015-04-14 21:03 - 2014-12-09 22:03 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-14 21:03 - 2014-07-08 19:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-14 21:03 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2015-04-14 20:24 - 2013-06-12 17:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-14 20:11 - 2013-07-19 03:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-14 19:57 - 2013-06-12 13:53 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 01:24 - 2014-08-12 22:31 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-14 01:24 - 2014-08-12 22:31 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-10 20:38 - 2014-04-26 13:13 - 00000000 ____D () C:\ProgramData\Garmin
2015-04-10 20:38 - 2014-04-26 13:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-10 20:38 - 2013-06-12 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-04-10 20:37 - 2013-06-12 15:02 - 00000000 ____D () C:\Program Files\Garmin
2015-04-10 20:33 - 2015-01-04 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-10 20:33 - 2015-01-04 20:38 - 00000000 ____D () C:\Program Files\Avira
2015-04-08 15:40 - 2013-10-17 19:06 - 00000000 ____D () C:\Users\Andreas
2015-04-06 14:13 - 2014-05-21 23:14 - 00466588 _____ () C:\WINDOWS\PFRO.log
2015-04-06 14:09 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\Web
2015-04-06 14:03 - 2012-07-26 08:53 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-04-05 21:29 - 2015-02-01 23:35 - 00000000 ____D () C:\Users\Nicole\AppData\Roaming\Avira
2015-04-04 22:00 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-04 21:52 - 2013-06-12 15:24 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\TuneUp Software
2015-04-01 12:52 - 2015-01-04 20:49 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Avira
2015-04-01 12:50 - 2015-01-04 20:38 - 00000000 ____D () C:\ProgramData\Avira
2015-03-29 22:22 - 2013-10-17 19:06 - 00000000 ____D () C:\Users\Administrator
2015-03-29 20:29 - 2013-10-17 19:06 - 00000000 ____D () C:\Users\Nicole
2015-03-21 16:11 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories =======

2014-10-01 22:20 - 2014-09-23 20:17 - 0000034 _____ () C:\Users\Andreas\AppData\Roaming\pdfdrawcodec.dll
2014-03-17 20:26 - 2014-05-21 19:27 - 0000039 _____ () C:\Users\Andreas\AppData\Roaming\WB.CFG
2014-03-08 22:30 - 2014-03-08 22:30 - 0000218 _____ () C:\Users\Andreas\AppData\Local\recently-used.xbel
2013-10-10 12:33 - 2013-10-10 12:33 - 0000036 ___SH () C:\ProgramData\Shrew Soft VPN.dat

Files to move or delete:
====================
C:\ProgramData\Shrew Soft VPN.dat


Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\avgnt.exe
C:\Users\Andreas\AppData\Local\Temp\AVG_AV_Setup.exe
C:\Users\Andreas\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Andreas\AppData\Local\Temp\Quarantine.exe
C:\Users\Andreas\AppData\Local\Temp\sqlite3.dll
C:\Users\Nicole\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-19 00:52

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Guten morgen Schrauber,
sorry das ich Dir die Daten als Anhang geschickt habe, ich hatte nur gedacht, das es dadurch einfacher wird. Ich habe die empfohlenen Schritte durchgeführt und habe bein Eset online Scanner 54 verdächtige Dateien gefunden. Ich habe die Ergebnisse in der Antwort angehängt. Wenn ich Firefox aktuell starte, öffnen sich keine weiteren Fenster. Heißt das, das das Problem nun behoben ist? Gruß Skymaker18

schrauber 19.04.2015 07:59
Sieht gut aus :)


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
FF HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\l5lcxr82.default-1400781181936\extensions\cliqz@cliqz.com
FF HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\l5lcxr82.default-1400781181936\extensions\cliqz@cliqz.com

Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:
http://filepony.de/icon/emsisoft_anti_malware.png
Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

skymaker18 19.04.2015 08:31
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-04-2015
Ran by Andreas at 2015-04-19 09:21:35 Run:1
Running from C:\Users\Andreas\Downloads
Loaded Profiles: Andreas (Available profiles: Andreas & Nicole & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
FF HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\l5lcxr82.default-1400781181936\extensions\cliqz@cliqz.com
FF HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\l5lcxr82.default-1400781181936\extensions\cliqz@cliqz.com

Emptytemp:

*****************

HKU\S-1-5-21-3707818198-1158306646-3350299682-1001\Software\Mozilla\Firefox\Extensions\\cliqz@cliqz.com => value deleted successfully.
HKU\S-1-5-21-3707818198-1158306646-3350299682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Mozilla\Firefox\Extensions\\cliqz@cliqz.com => Value not found.
EmptyTemp: => Removed 2.3 GB temporary data.


The system needed a reboot.

==== End of Fixlog 09:24:04 ====

schrauber 19.04.2015 16:04
fertig :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:14 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131