Avira hat Trojaner gefunden

slatini · 22.11.2014, 14:51

HI Habe folgendes Problem beim starten des Laptop erscheinen;
(Das Programm kann nicht gestartet werden ,da MSVCR110.dll auf dem Computer fehlt.) und (Problem beim starten von d3c2c110.cpp das angegebene Modul wurde nicht gefunden.)und (HP Support Assistant funktioniert nicht mehr.)

M-K-D-B · 22.11.2014, 14:53

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Zur ersten Analyse bitte FRST ausführen:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

slatini · 25.11.2014, 01:36

[CODE][/CODExportierte Ereignisse:

22.11.2014 13:34 [Echtzeit-Scanner] Echtzeit-Scanner deaktiviert
Echtzeit-Scanner wurde deaktiviert.

21.11.2014 10:34 [Updater] Update nicht ausgeführt
Das Update von Computer SLATI-HP (10.0.0.4) von
"hxxp://prempeak.avira-update.com/update" ist fehlgeschlagen.
Während des Herunterladens ist ein Fehler aufgetreten.
Es wurden keine neuen Dateien geladen.

19.11.2014 16:49 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSIB55A.tmp'
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen4' [program]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.11.2014 16:49 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSIBF6A.tmp'
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen4' [program]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

18.11.2014 18:10 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSIA134.tmp'
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen4' [program]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

18.11.2014 18:10 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSIACC9.tmp'
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen4' [program]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

18.11.2014 15:02 [Updater] Update nicht ausgeführt
Das Update von Computer SLATI-HP (10.0.0.4) von
"hxxp://prempeak.avira-update.com/update" ist fehlgeschlagen.
Während des Herunterladens ist ein Fehler aufgetreten.
Es wurden keine neuen Dateien geladen.

18.11.2014 07:45 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\011C2C3D.dot'
enthielt einen Virus oder unerwünschtes Programm 'TR/Reveton.906248' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler
aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
Die Quelldatei konnte nicht gefunden werden.
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Die Datei existiert nicht!

18.11.2014 07:40 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\011C2C3D.dot'
wurde ein Virus oder unerwünschtes Programm 'TR/Reveton.906248' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

12.11.2014 10:22 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSI63B2.tmp'
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen4' [program]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

12.11.2014 10:22 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSI6EDA.tmp'
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen4' [program]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

11.11.2014 09:43 [System-Scanner] Malware gefunden
Die Datei 'C:\HP\Bin\EndProcess.exe'
enthielt einen Virus oder unerwünschtes Programm 'APPL/KillApp.A' [program].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '510d5c9a.qua'
verschoben!

11.11.2014 09:40 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\HP\Bin\EndProcess.exe'
wurde ein Virus oder unerwünschtes Programm 'APPL/KillApp.A' [program] gefunden.
Ausgeführte Aktion: Zugriff verweigern

11.11.2014 09:25 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSIA1DB.tmp'
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen4' [program]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

11.11.2014 09:25 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSI94FF.tmp'
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen4' [program]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

10.11.2014 22:49 [Updater] Update nicht ausgeführt
Das Update von Computer SLATI-HP (10.0.0.4) von
"hxxp://prempeak.avira-update.com/update" ist fehlgeschlagen.
Während des Herunterladens ist ein Fehler aufgetreten.
Es wurden keine neuen Dateien geladen.

10.11.2014 21:57 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\HP\Bin\EndProcess.exe'
wurde ein Virus oder unerwünschtes Programm 'APPL/KillApp.A' [program] gefunden.
Ausgeführte Aktion: Zugriff verweigern

05.11.2014 16:21 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSIE42E.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

05.11.2014 16:21 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSIDC1F.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

05.11.2014 16:21 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSIE017.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

05.11.2014 16:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSID0D5.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

05.11.2014 16:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSIB97B.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

05.11.2014 16:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSIBF17.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

05.11.2014 14:01 [Updater] Update nicht ausgeführt
Das Update von Computer SLATI-HP (10.0.0.4) von "hxxp://89.105.213.25/update"
ist fehlgeschlagen.
Während des Herunterladens ist ein Fehler aufgetreten.
Es wurden keine neuen Dateien geladen.

04.11.2014 16:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSI4D12.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

04.11.2014 16:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSI3FC8.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

04.11.2014 16:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSI2FFE.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

04.11.2014 16:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSI1604.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

04.11.2014 16:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSIDFD4.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

04.11.2014 16:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSIEA50.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

01.11.2014 20:43 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\slati\AppData\Local\Temp\Low\sWfR.dll'
enthielt einen Virus oder unerwünschtes Programm 'TR/Reveton.A.3571' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5155ad6e.qua'
verschoben!

01.11.2014 19:08 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\slati\AppData\Local\Temp\Low\sWfR.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Reveton.A.3571' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

01.11.2014 09:04 [System-Scanner] Malware gefunden
Die Datei
'C:\Users\slati\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\5170ac2-4799e03
d'
enthielt einen Virus oder unerwünschtes Programm 'Java/Agent.4941' [virus].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler
aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
Die Quelldatei konnte nicht gefunden werden.
Die Datei wurde zum Löschen nach einem Neustart markiert.
Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.

01.11.2014 09:04 [System-Scanner] Malware gefunden
Die Datei
'C:\Users\slati\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\5170ac2-4799e03
d'
enthielt einen Virus oder unerwünschtes Programm 'Java/Agent.4941' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '517837b3.qua'
verschoben!

01.11.2014 02:03 [Echtzeit-Scanner] Registry blockiert
Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Registry
blockiert.

31.10.2014 13:14 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\slati\AppData\Local\Temp\Low\3byz.dll'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.105002'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '519beca2.qua'
verschoben!

31.10.2014 13:05 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\slati\AppData\Local\Temp\Low\3byz.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.105002' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

31.10.2014 11:52 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\D3C2C110.cpp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.104175'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1b9ab1c6.qua'
verschoben!

31.10.2014 11:49 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\slati\AppData\Local\Temp\Low\aUcx.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.104175' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

31.10.2014 11:44 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSI7092.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

31.10.2014 11:44 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSI6F1A.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

31.10.2014 11:41 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSI2.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

31.10.2014 11:41 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSIFB6F.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

30.10.2014 17:23 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\slati\AppData\Local\Temp\Low\3byz.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.105002' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

30.10.2014 14:48 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\D3C2C110.cpp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.105002' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

29.10.2014 19:45 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\D3C2C110.cpp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.105002' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

28.10.2014 23:42 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSIBE02.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

28.10.2014 23:42 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSIBA98.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

28.10.2014 23:42 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSIB671.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

28.10.2014 23:42 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSI9B20.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

28.10.2014 23:42 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSI7C28.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

28.10.2014 23:42 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSI70F1.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.10.2014 17:34 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSI298E.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.10.2014 17:34 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSI24DC.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.10.2014 17:34 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSI2190.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.10.2014 17:34 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSI15C9.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.10.2014 17:34 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSI8DB.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.10.2014 17:34 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Installer\MSI71.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.Widgi.G.8' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

26.10.2014 17:29 [Echtzeit-Scanner] Lizenzfehler
Lizenzfehler

26.10.2014 09:00 [Updater] Update nicht ausgeführt
Das Update von Computer SLATI-HP (10.0.0.4) von
"hxxp://prempeak.avira-update.com/update" ist fehlgeschlagen.
Während des Herunterladens ist ein Fehler aufgetreten.
Es wurden keine neuen Dateien geladen.

E]

M-K-D-B · 25.11.2014, 19:03

Zur ersten Analyse bitte FRST ausführen:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

slatini · 26.11.2014, 12:18

Hallo Matthias (FRST) läuft jetzt schon 12 stunden,der vortschrittbalken bewegt sich nicht mehr,oberhalb steht(Getting Office Sessions Errors 2538)

M-K-D-B · 26.11.2014, 20:29

Servus,

wenn du FRST ausgeführt hast, finden sich am gleichen Ort die zwei Logdateien FRST.txt und Addition.txt.
Beide bitte posten.

slatini · 27.11.2014, 10:08

Hallo Matthias, FRST läuft jetzt schon über 30 stunden ohne Fortschritt! links oben im Fenster blinkt (Getting Office Sessions Errors 2538)

M-K-D-B · 27.11.2014, 17:37

Zitat:

Zitat von slatini

Hallo Matthias, FRST läuft jetzt schon über 30 stunden ohne Fortschritt! links oben im Fenster blinkt (Getting Office Sessions Errors 2538)

Nochmal... beende FRST und poste die beiden Logdateien.

Auch wenn FRST sich bei der letzten Sektion anscheinend aufgehängt hat, befinden sich im gleichen Ordner, in dem sich die FRST.exe befindet, die beiden Dateien FRST.txt und Addition.txt.

Den Inhalt von beiden bitte posten.

slatini · 28.11.2014, 01:36

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by slati at 2014-11-28 00:57:13
Running from C:\Users\slati\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 2.0.0.27 - Qualcomm Atheros)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.100 - Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{E04A3037-2F82-C518-D6CA-A63497D3872F}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Avira System Speedup (HKLM-x32\...\AviraSpeedup) (Version: 1.3.1.9970 - Avira System Speedup)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Rig Europe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2011.0304.1135.20703 - Ihr Firmenname) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3726 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delta Chrome Toolbar (HKLM-x32\...\{177586E7-E42E-4F38-83D1-D15B4AF5B714}) (Version: 1.0.0.0 - DeltaInstaller) <==== ATTENTION
Delta toolbar   (HKLM-x32\...\delta) (Version: 1.8.10.0 - Delta) <==== ATTENTION
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HDVidCodec (HKLM-x32\...\1ClickDownload) (Version: 2.1 Build 26473 - hdvidcodec.com) <==== ATTENTION
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (HKLM\...\{EF3293DE-FCAC-4742-91BF-AD0174143FC3}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Hilfe (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{2BF8B295-A214-42AC-B4EC-2AE15E08B0E7}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{904822F1-6C7D-4B91-B936-6A1C0810544C}) (Version: 7.7.34.34 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}) (Version: 4.0.10.0 - Hewlett-Packard)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Keyboard & Mouse Driver (HKLM-x32\...\InstallShield_{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}) (Version: 5.1 - Driver Builder)
Keyboard & Mouse Driver (x32 Version: 5.1 - Driver Builder) Hidden
kmspctv (HKU\S-1-5-21-2041310051-869951282-1756680703-1001\...\56735e9401cc6ddb) (Version: 1.0.0.2 - kmspctv)
Landwirtschafts Simulator 2011 (HKLM-x32\...\FarmingSimulator2011_PLATINUMDE_is1) (Version: 1.0 - GIANTS Software)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.11.3.0 - LG Electronics)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.258 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.258 - LogMeIn, Inc.) Hidden
LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.0 - LoiLo inc.)
LoiLoScope 2 (HKLM-x32\...\{CAB75FFC-2377-4B95-A8FA-C9234B812A92}_is1) (Version: 2.5.3.2 - LoiLo inc)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
MORE! 2 Grammar Practice (HKLM-x32\...\MoreGrammarPractice2.3409B17F0A9FD11E2FADD014AA775CBB274BFE20.1) (Version: V1.0 - Helbling Verlag GmbH)
MORE! 2 Grammar Practice (x32 Version: 1.0 - Helbling Verlag GmbH) Hidden
Mouse Driver (HKLM-x32\...\InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}) (Version: 5.1 - Driver Builder)
Mouse Driver (x32 Version: 5.1 - Driver Builder) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Notificatoin (HKLM-x32\...\{A88DE8D3-9C38-4F0D-8981-A4C17F7677A1}) (Version: 1.0.0 - Notificatoin)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.34 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden
RewardsArcade (HKU\S-1-5-21-2041310051-869951282-1756680703-1001\...\RewardsArcade) (Version:  - 215 Apps)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Schnapsen (HKLM-x32\...\ST4UNST #1) (Version:  - )
Shanghai: Great Moments version 2.0 (HKLM-x32\...\Shanghai: Great Moments) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten (HKLM\...\{7ABE6772-4A13-47F7-A09A-1D4CCB5981D9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SuperEasy Driver Updater v.1.1.1 (HKLM-x32\...\{039BC111-D60F-A6FF-85F4-7992EA886B8D}_is1) (Version: 1.1.1 - SuperEasy Software GmbH & Co. KG)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-2041310051-869951282-1756680703-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version:  - )
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App für HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13209 - Xobni Corp.)
Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden
YTD Toolbar v9.9 (HKLM-x32\...\{B7C0431E-3876-4757-B281-D635F3473FCC}) (Version: 9.9 - Spigot, Inc.) <==== ATTENTION
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2041310051-869951282-1756680703-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\slati\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {124E33FD-2267-4F76-96E9-76D2899B0CB5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-02-09] (CyberLink)
Task: {1B88277C-1D6C-4BF9-8D01-482341909A15} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2014-10-02] (Avira)
Task: {34A572C1-82DB-4890-B9E0-787B8AA71EC8} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {40EA8E46-8B57-4F87-8C39-27738C165566} - System32\Tasks\SuperEasyDriverUpdater_UPDATES => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe [2013-11-01] (SuperEasy Software)
Task: {4A37FC88-7DE2-471D-8C7A-C86820109C78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {57ACB57D-EB17-49D0-895D-F7FD2DD66833} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5E3DC189-AFFC-4039-893C-DFE6DCDE46FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {64770B1A-4FF3-4FA7-AA68-B4537735FF4F} - System32\Tasks\{697A4168-5125-49D3-BCDA-DE6828BE7C8C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.115/de/abandoninstall?page=tsProgressBar
Task: {68F5D154-A480-40C1-87BF-8C98C46D481D} - System32\Tasks\{19ED4A93-2FDF-44AC-B042-AD9B39135116} => C:\Users\slati\Downloads\Sprüche--und-Zitate-Lexikon\slx400.exe
Task: {6CFDB6FA-D8CF-40CF-88F7-1DE0E6A41928} - System32\Tasks\HPCeeScheduleForslati => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {75932DA9-A790-4FDA-AD08-E587CCB20C9A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {7B24E341-BD99-4D2A-B35C-95AA7DF1C9A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {914E8D18-5153-4C33-8FE0-AF3F6CB9EE57} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2041310051-869951282-1756680703-1001UA => C:\Users\slati\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {ACDEC3D6-F50F-477C-830C-1DAA712661D9} - System32\Tasks\{D1F1D4D9-8964-43C7-9E03-C3D5CEF06300} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {DBEC0D97-0076-41D4-B7FC-7AD1B4F5D127} - System32\Tasks\{2BC744D4-802C-4288-9B7D-019052A112BD} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.115/de/abandoninstall?page=tsProgressBar
Task: {DC0B6C32-F81A-478B-A118-7F2366FED449} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2041310051-869951282-1756680703-1001Core => C:\Users\slati\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {DFFA0BC6-9270-4920-8600-AE1B34BB4711} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {E90EF638-C722-4AB2-BFA1-33FDDEB55802} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2041310051-869951282-1756680703-1001Core.job => C:\Users\slati\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2041310051-869951282-1756680703-1001UA.job => C:\Users\slati\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForslati.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe

==================== Loaded Modules (whitelisted) =============

2011-03-04 11:43 - 2011-03-04 11:43 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2011-03-04 11:44 - 2011-03-04 11:44 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-12-12 12:12 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-03-04 11:44 - 2011-03-04 11:44 - 00102912 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-03-11 14:32 - 2011-03-11 14:32 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-10-25 20:07 - 2012-08-23 10:53 - 00087520 _____ () C:\Program Files (x86)\Vuze\aereg.dll
2011-10-26 11:52 - 2011-12-01 22:59 - 00028160 _____ () C:\Users\slati\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
2011-10-25 20:07 - 2012-06-03 18:16 - 00102400 _____ () C:\Program Files (x86)\Vuze\plugins\azitunes\jacob-1.14.3-x86.dll
2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-02-25 01:04 - 2011-02-25 01:04 - 00004608 _____ () C:\Program Files (x86)\Xobni\ManagedAggregator.dll
2011-02-25 01:08 - 2011-02-25 01:08 - 00062184 _____ () C:\Program Files (x86)\Xobni\XobniMainConnector.dll
2011-05-10 08:48 - 2011-05-10 08:48 - 00003072 _____ () C:\Windows\assembly\GAC_MSIL\Extensibility\7.0.3300.0__6298d2d1fcfb5d85\Extensibility.dll
2014-09-11 07:56 - 2014-09-11 07:56 - 01028608 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\a9f2279a2e4e83d1a38cc86cf7225a2d\Microsoft.Office.Interop.Outlook.ni.dll
2011-02-25 01:08 - 2011-02-25 01:08 - 00045056 _____ () C:\Program Files (x86)\Xobni\XobniFailsafeUpdateChecker.dll
2014-10-17 15:01 - 2014-10-17 15:01 - 01120256 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Xobni.XMapiAccessor\cc95e7f1f231c64b3e5ff35750168d25\Xobni.XMapiAccessor.ni.dll
2011-05-10 08:48 - 2011-05-10 08:48 - 00516096 _____ () C:\Windows\assembly\GAC_32\Xobni.XMapiAccessor\1.9.5.13209__6298d2d1fcfb5d85\Xobni.XMapiAccessor.dll
2011-02-15 18:32 - 2011-02-15 18:32 - 00904704 _____ () C:\Program Files (x86)\Xobni\System.Data.SQLite.dll
2014-09-11 07:56 - 2014-09-11 07:56 - 00506880 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\office\6a382239195d16a1828fd6a1a25eab59\office.ni.dll
2014-09-11 07:56 - 2014-09-11 07:56 - 00438272 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\LinqBridge\a83ddf9c7be78d1e84bf7ed3e8a26c2e\LinqBridge.ni.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2011-02-25 01:03 - 2011-02-25 01:03 - 00124416 _____ () C:\Program Files (x86)\Xobni\WindowDriver.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: (default) => 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2041310051-869951282-1756680703-500 - Administrator - Disabled)
Gast (S-1-5-21-2041310051-869951282-1756680703-501 - Limited - Disabled)
slati (S-1-5-21-2041310051-869951282-1756680703-1001 - Administrator - Enabled) => C:\Users\slati

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/28/2014 00:43:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 23.11.2014.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 124c

Startzeit: 01d0090ab5154656

Endzeit: 9

Anwendungspfad: C:\Users\slati\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RNGPCIW\FRST64.exe

Berichts-ID:

Error: (11/27/2014 09:00:21 AM) (Source: MsiInstaller) (EventID: 11723) (User: slati-HP)
Description: Produkt: YTD Toolbar v10.3 -- Fehler 1723. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Eine für den Abschluss der Installation erforderliche DLL konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: caCheckAllowedOperations, Eintrag: CheckAllowedOperations, Bibliothek: C:\Windows\Installer\MSIE7C5.tmp

Error: (11/26/2014 00:39:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1154, Zeitstempel: 0x517c7e3a
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1154, Zeitstempel: 0x517c7e3a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002e749
ID des fehlerhaften Prozesses: 0x49c
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3

Error: (11/26/2014 00:39:50 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (11/26/2014 00:39:50 AM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (11/25/2014 09:28:11 PM) (Source: MsiInstaller) (EventID: 11723) (User: slati-HP)
Description: Produkt: YTD Toolbar v10.3 -- Fehler 1723. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Eine für den Abschluss der Installation erforderliche DLL konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: caCheckAllowedOperations, Eintrag: CheckAllowedOperations, Bibliothek: C:\Windows\Installer\MSI68D2.tmp

Error: (11/25/2014 09:22:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1154, Zeitstempel: 0x517c7e3a
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1154, Zeitstempel: 0x517c7e3a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002e749
ID des fehlerhaften Prozesses: 0x4c8
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3

Error: (11/25/2014 09:22:39 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (11/25/2014 09:22:39 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (11/25/2014 01:08:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1154, Zeitstempel: 0x517c7e3a
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1154, Zeitstempel: 0x517c7e3a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002e749
ID des fehlerhaften Prozesses: 0x4a8
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3


System errors:
=============
Error: (11/28/2014 01:01:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%2

Error: (11/28/2014 01:00:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%2

Error: (11/28/2014 01:00:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%2

Error: (11/28/2014 00:59:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%2

Error: (11/28/2014 00:59:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (11/28/2014 00:59:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%2

Error: (11/28/2014 00:58:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%2

Error: (11/28/2014 00:58:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%2

Error: (11/28/2014 00:57:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%2

Error: (11/28/2014 00:57:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%2


Microsoft Office Sessions:
=========================

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by slati (administrator) on SLATI-HP on 28-11-2014 00:54:27
Running from C:\Users\slati\Desktop
Loaded Profile: slati (Available profiles: slati)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Azureus Software, Inc) C:\Program Files (x86)\Vuze\Azureus.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-10-13] (Atheros Commnucations)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634288 2014-06-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1386712 2014-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2041310051-869951282-1756680703-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2041310051-869951282-1756680703-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2041310051-869951282-1756680703-1001\...\MountPoints2: {25a63c88-ec53-11e2-a3ae-d0df9a56f3d5} - G:\LGAutoRun.exe
HKU\S-1-5-21-2041310051-869951282-1756680703-1001\...\MountPoints2: {98c64bbd-11b2-11e4-a3bd-d0df9a56f3d5} - I:\LGAutoRun.exe
AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll" File Not Found
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2041310051-869951282-1756680703-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
URLSearchHook: HKU\S-1-5-21-2041310051-869951282-1756680703-1001 - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
URLSearchHook: HKU\S-1-5-21-2041310051-869951282-1756680703-1001 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\9.9\ytdToolbarIE64.dll (Spigot, Inc.)
URLSearchHook: HKU\S-1-5-21-2041310051-869951282-1756680703-1001 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\9.9\ytdToolbarIE.dll (Spigot, Inc.)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-2041310051-869951282-1756680703-1001 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119293&babsrc=SP_ss&mntrId=6eacef29000000000000f2df9a568445
SearchScopes: HKU\S-1-5-21-2041310051-869951282-1756680703-1001 -> {0EBD028D-67EE-4B28-B385-2CA85B3D7C91} URL = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2041310051-869951282-1756680703-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119293&babsrc=SP_ss&mntrId=6eacef29000000000000f2df9a568445
SearchScopes: HKU\S-1-5-21-2041310051-869951282-1756680703-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKU\S-1-5-21-2041310051-869951282-1756680703-1001 -> {71E7B8AD-3CD6-4BDA-8E1F-1DB27269D14B} URL = hxxp://www.search.ask.com/web?p2=%5EADN%5EOSJ000%5EYY%5EAT&gct=&itbv=12.0.1.100&o=APN10616&tpid=ORJ-V7&apn_uid=EBF24365-640B-4CCB-A184-45219E339E73&apn_ptnrs=ADN&apn_dtid=%5EOSJ000%5EYY%5EAT&apn_dbr=ie_10.0.9200.16611&doi=2013-07-04&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKU\S-1-5-21-2041310051-869951282-1756680703-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: YTD Toolbar -> {F3FEE66E-E034-436a-86E4-9690573BEE8A} -> C:\Program Files (x86)\YTD Toolbar\IE\9.9\ytdToolbarIE.dll (Spigot, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\9.9\ytdToolbarIE64.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\9.9\ytdToolbarIE.dll (Spigot, Inc.)
Toolbar: HKU\S-1-5-21-2041310051-869951282-1756680703-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpIdfPlugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\11\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2041310051-869951282-1756680703-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\slati\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [crossriderapp498@crossrider.com] - C:\Users\slati\AppData\Local\RewardsArcade\498\Firefox
FF Extension: RewardsArcade - C:\Users\slati\AppData\Local\RewardsArcade\498\Firefox [2011-12-15]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\program files (x86)\google\chrome\application\36.0.1985.143\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\program files (x86)\google\chrome\application\36.0.1985.143\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\program files (x86)\google\chrome\application\36.0.1985.143\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll No File
CHR Plugin: (Windows LiveÂ™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\slati\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Profile: C:\Users\slati\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Movie2kDownloader) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf [2013-04-07]
CHR Extension: (Notificatoin) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm [2013-11-26]
CHR Profile: C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Theme Creator) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\akpelnjfckgfiplcikojhomllgombffc [2013-04-28]
CHR Extension: (Turn Off the Lights) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2013-04-28]
CHR Extension: (Movie2kDownloader) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf [2013-04-07]
CHR Extension: (YouTube) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-28]
CHR Extension: (RewardsArcade) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcmagccbogebndpoodhhhafmofelpffh [2012-08-04]
CHR Extension: (Maze Manor Free) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ddmlblgpnpnnpmoegdiadppoehapkkej [2013-04-28]
CHR Extension: (Schoener Fernsehen) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efeockcajocplcngjmdkajcgipgmjjih [2013-04-28]
CHR Extension: (Delta Toolbar) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-02-20]
CHR Extension: (PicMonkey) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2013-04-28]
CHR Extension: (Stupeflix Video Maker) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fkdmcfnoimoilncpjchamnenebopocem [2013-04-28]
CHR Extension: (Facebook for Chrome) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp [2013-04-28]
CHR Extension: (iPiccy Photo Editor) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2013-04-28]
CHR Extension: (Little Alchemy) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2013-04-28]
CHR Extension: (Webcam Toy) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfbgimoladefibpklnfmkpknadbklade [2013-04-28]
CHR Extension: (Skype Click to Call) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-08-04]
CHR Extension: (AudioSauna) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2013-04-28]
CHR Extension: (The Fancy Pants Adventure: World 2) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\loamdenijebhollnjgehcfbnpeelfhlk [2013-04-28]
CHR Extension: (Boomerang for Gmail) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2013-04-28]
CHR Extension: (Google Mail-Checker) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-04-28]
CHR Extension: (Lieblings-Doodle) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nedjejdfkkjgebciefdfofjhmeogiaga [2013-04-28]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-04-28]
CHR Extension: (BrowserProtect) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pgafcinpmmpklohkojmllohdhomoefph [2013-02-20]
CHR Extension: (Akinator Web Genius) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\phjbcelanfbmkoghofajgepjabdbgncf [2013-04-28]
CHR Extension: (Google Mail) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-28]
CHR Extension: (Learn Spanish - Qué Onda Spanish) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj [2013-04-28]
CHR Profile: C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-29]
CHR Extension: (Google Drive) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-29]
CHR Extension: (Movie2kDownloader 2) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf [2013-04-29]
CHR Extension: (YouTube) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-29]
CHR Extension: (Google-Suche) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-29]
CHR Extension: (RewardsArcade) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dcmagccbogebndpoodhhhafmofelpffh [2013-04-29]
CHR Extension: (Delta Toolbar) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-04-29]
CHR Extension: (Notificatoin) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm [2013-12-24]
CHR Extension: (Skype Click to Call) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-29]
CHR Extension: (Google Wallet) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]
CHR Extension: (Google Mail) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-29]
CHR HKLM-x32\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader10.crx [2012-12-13]
CHR HKLM-x32\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - C:\Users\slati\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx [2011-11-04]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\slati\AppData\Roaming\Delta\delta.crx [2012-11-25]
CHR HKLM-x32\...\Chrome\Extension: [hmhfbmpdiffkamakhdbcgojfnbnlcenm] - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx [2013-10-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-03-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [804144 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [993584 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [105120 2011-10-13] (Atheros Commnucations) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-10-21] (LogMeIn, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S2 Winmgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 Winmgmt; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-02-25] (Xobni Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-13] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2014-03-28] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2014-03-28] (LG Electronics Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-02-11] (Realtek Semiconductor Corporation                           )
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2009-09-19] (MCCI Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2013-04-24] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2013-04-24] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2013-04-24] (LG Electronics Inc.)
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-28 00:54 - 2014-11-28 00:55 - 00028454 _____ () C:\Users\slati\Desktop\FRST.txt
2014-11-28 00:52 - 2014-11-28 00:52 - 02117632 _____ (Farbar) C:\Users\slati\Desktop\FRST64.exe
2014-11-26 13:05 - 2014-11-26 13:05 - 04443312 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-26 00:51 - 2014-11-28 00:54 - 00000000 ____D () C:\FRST
2014-11-24 11:32 - 2014-11-24 11:32 - 00000000 ____D () C:\Users\slati\Documents\Neuer Ordner (3)
2014-11-24 09:45 - 2014-11-24 09:45 - 00000000 ___RH () C:\Users\slati\AppData\Roaming\21c8b215a9d21b840dde1eac0a3f63972
2014-11-23 15:16 - 2014-11-23 15:16 - 00000000 ____D () C:\Users\slati\Documents\LoiLo
2014-11-23 15:13 - 2014-11-23 15:14 - 00000000 ____D () C:\Users\slati\AppData\Local\LoiLo
2014-11-23 15:13 - 2014-11-23 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoiLoScope 2
2014-11-23 15:13 - 2014-11-23 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoiLo Game Recorder
2014-11-23 15:13 - 2014-11-23 15:13 - 00000000 ____D () C:\Program Files\LoiLo
2014-11-23 15:12 - 2014-11-23 15:12 - 00000000 ____D () C:\Program Files (x86)\LoiLo
2014-11-23 15:06 - 2014-11-23 15:09 - 74612920 _____ (LoiLo inc. ) C:\Users\slati\Downloads\LoiLoGameRecorder1.1.0.0.exe
2014-11-22 19:13 - 2014-11-25 01:28 - 00032870 _____ () C:\Users\slati\Documents\Ereignisse.txt
2014-11-21 17:16 - 2014-11-21 17:16 - 00001283 _____ () C:\Users\slati\Desktop\Landwirtschafts Simulator 2011  Platin-Edition.lnk
2014-11-21 17:16 - 2014-11-21 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011
2014-11-21 17:14 - 2014-11-21 17:16 - 00000000 ____D () C:\Program Files (x86)\Landwirtschafts Simulator 2011
2014-11-18 22:09 - 2014-11-26 00:39 - 00000920 _____ () C:\Windows\PFRO.log
2014-11-18 20:32 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 20:32 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 20:32 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 20:32 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-15 00:57 - 2014-11-15 00:54 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-15 00:57 - 2014-11-15 00:54 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-15 00:57 - 2014-11-15 00:54 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-14 08:23 - 2014-11-26 00:39 - 00001344 _____ () C:\Windows\setupact.log
2014-11-14 08:23 - 2014-11-14 08:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-13 12:37 - 2014-11-13 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-11-13 11:08 - 2014-11-13 11:08 - 00000000 ____D () C:\ProgramData\{65AB91D4-DDD0-48D4-804D-C24E1FC90D44}
2014-11-13 11:03 - 2014-11-13 11:04 - 37602760 _____ (Hewlett-Packard ) C:\Users\slati\Downloads\sp68201.exe
2014-11-12 12:27 - 2014-11-12 12:27 - 00003132 _____ () C:\Windows\System32\Tasks\{5225E1FC-9766-4764-8295-4CA1137F474E}
2014-11-12 12:26 - 2014-11-12 12:26 - 00003268 _____ () C:\Windows\System32\Tasks\{C68B1895-9181-4DDA-9FBD-C12AA809F0EC}
2014-11-12 12:24 - 2014-11-12 12:24 - 05073240 _____ (Microsoft Corporation) C:\Users\slati\Downloads\vcredist_x86.exe
2014-11-12 12:14 - 2014-11-12 12:14 - 00000000 __SHD () C:\Users\slati\AppData\Local\EmieBrowserModeList
2014-11-12 11:00 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 11:00 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 11:00 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 11:00 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 11:00 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 11:00 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 11:00 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 11:00 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 11:00 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 11:00 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 11:00 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 11:00 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 11:00 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 11:00 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 11:00 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 11:00 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 11:00 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 11:00 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 11:00 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 11:00 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 11:00 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 11:00 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 11:00 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 11:00 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 11:00 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 11:00 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 11:00 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 11:00 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 11:00 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 11:00 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 11:00 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 11:00 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 11:00 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 11:00 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 11:00 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 11:00 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 11:00 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 11:00 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 11:00 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 11:00 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 11:00 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 11:00 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 11:00 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 11:00 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 11:00 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 11:00 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 11:00 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 11:00 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 11:00 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 11:00 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 11:00 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 11:00 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 11:00 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 11:00 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 11:00 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 11:00 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 11:00 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 11:00 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 11:00 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 11:00 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 11:00 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 11:00 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 11:00 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 11:00 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 11:00 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 10:58 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 10:58 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 10:58 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 10:58 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 10:58 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 10:58 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 10:58 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 10:58 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 10:58 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 10:58 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 10:58 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 10:58 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 10:58 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 10:58 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 10:58 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 10:58 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 10:58 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 10:58 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 10:58 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 10:58 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 10:58 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 10:58 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 10:58 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 10:58 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 10:58 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 10:58 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 10:58 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 10:58 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 10:58 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 10:57 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 10:57 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 10:57 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 10:57 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-10 10:55 - 2014-11-10 10:55 - 00003002 _____ () C:\Windows\System32\Tasks\{D1F1D4D9-8964-43C7-9E03-C3D5CEF06300}
2014-11-05 16:21 - 2014-11-05 16:21 - 00000000 ____D () C:\Program Files (x86)\YTD Toolbar
2014-11-05 16:21 - 2014-11-05 16:21 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-11-01 16:37 - 2014-11-01 16:37 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-11-01 16:36 - 2014-06-17 19:27 - 04001752 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-11-01 16:36 - 2014-06-17 16:08 - 01205934 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-11-01 16:36 - 2014-06-17 15:41 - 64228864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-11-01 16:36 - 2014-06-17 13:32 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-11-01 16:36 - 2014-06-13 16:24 - 02804952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-11-01 16:36 - 2014-06-11 17:08 - 00949464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-11-01 16:36 - 2014-06-11 11:44 - 01024728 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-11-01 16:36 - 2014-06-09 16:57 - 02860248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-11-01 16:36 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-11-01 16:36 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-11-01 16:36 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-11-01 16:36 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2014-11-01 16:36 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-11-01 16:36 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-11-01 16:36 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-11-01 16:36 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-11-01 16:36 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-11-01 16:36 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-11-01 16:36 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-11-01 16:36 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2014-11-01 16:36 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2014-11-01 16:33 - 2014-06-09 13:52 - 01530048 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2014-11-01 16:33 - 2014-06-09 10:59 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-11-01 16:33 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-11-01 16:33 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-11-01 16:25 - 2014-11-01 16:25 - 00000000 ____D () C:\Program Files (x86)\TOH Class Filter
2014-10-30 14:48 - 2014-10-30 14:48 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-10-30 14:48 - 2014-10-30 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-10-30 14:48 - 2014-10-30 14:48 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-28 00:55 - 2011-10-25 20:08 - 00000000 ____D () C:\Users\slati\AppData\Roaming\Azureus
2014-11-28 00:48 - 2011-11-25 20:13 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-28 00:48 - 2011-11-25 20:13 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-28 00:46 - 2011-10-27 16:58 - 00000000 ____D () C:\Users\slati\Documents\Outlook-Dateien
2014-11-28 00:43 - 2011-10-25 17:32 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2041310051-869951282-1756680703-1001UA.job
2014-11-28 00:28 - 2011-07-19 07:25 - 01786280 _____ () C:\Windows\WindowsUpdate.log
2014-11-28 00:05 - 2013-12-28 08:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-27 13:32 - 2013-01-19 16:51 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B128F017-193C-4074-A4D7-E361C7E9F4F0}
2014-11-27 03:42 - 2011-10-25 17:32 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2041310051-869951282-1756680703-1001Core.job
2014-11-26 13:05 - 2013-12-28 08:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 13:05 - 2012-10-19 00:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 13:05 - 2011-12-16 02:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 12:00 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-26 12:00 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-26 10:50 - 2011-11-30 10:58 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-26 10:50 - 2011-10-27 16:58 - 00000000 ____D () C:\Users\slati\AppData\Local\Xobni
2014-11-26 10:20 - 2013-02-04 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Buchstaben Schablonen 1.0
2014-11-26 09:20 - 2014-09-11 08:17 - 00000326 _____ () C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job
2014-11-26 00:40 - 2011-05-10 08:45 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-26 00:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-25 00:42 - 2011-10-26 09:48 - 00000000 ____D () C:\Users\slati\AppData\Local\CrashDumps
2014-11-24 08:21 - 2014-09-14 12:45 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForslati
2014-11-24 08:21 - 2014-09-14 12:45 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForslati.job
2014-11-23 15:29 - 2014-02-05 18:29 - 00000000 ___RD () C:\Users\slati\Desktop\raffi's ordner
2014-11-23 15:11 - 2014-08-27 14:38 - 00000000 ____D () C:\Fraps
2014-11-23 15:11 - 2014-08-26 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-22 08:54 - 2014-08-26 15:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-21 19:54 - 2014-09-22 12:37 - 00000000 ____D () C:\Users\slati\AppData\Local\LogMeIn Hamachi
2014-11-21 17:21 - 2011-11-02 13:37 - 00000000 ____D () C:\Users\slati\Documents\My Games
2014-11-21 17:18 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-18 17:18 - 2014-02-05 18:19 - 00000000 ____D () C:\Users\slati\AppData\Roaming\TS3Client
2014-11-18 07:45 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-15 00:58 - 2013-10-23 02:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-15 00:54 - 2013-11-26 15:31 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-15 00:54 - 2013-10-23 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-15 00:53 - 2013-07-04 11:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-15 00:43 - 2011-11-25 20:13 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 00:43 - 2011-11-25 20:13 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 08:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-13 13:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 12:16 - 2011-05-10 08:52 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard
2014-11-13 12:15 - 2011-05-10 08:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-13 11:21 - 2011-05-10 08:33 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-11-13 00:52 - 2011-10-26 11:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 11:55 - 2009-07-14 05:45 - 00413864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 11:26 - 2013-07-16 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 11:09 - 2011-11-08 07:04 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-10 10:47 - 2014-08-18 07:41 - 00000000 ____D () C:\Users\slati\AppData\Local\Adobe
2014-11-08 13:22 - 2011-05-10 08:45 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-11-08 13:19 - 2011-02-10 20:23 - 00000000 ____D () C:\SWSetup
2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-01 16:38 - 2011-07-19 07:31 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-11-01 16:28 - 2014-09-11 13:22 - 00000000 ____D () C:\drivertemp
2014-11-01 01:24 - 2011-10-26 13:02 - 00000000 ____D () C:\Users\slati\AppData\Roaming\Skype
2014-10-31 11:43 - 2013-03-05 16:48 - 00000000 ____D () C:\Games
2014-10-31 11:42 - 2013-03-05 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2014-10-31 11:40 - 2011-11-16 19:53 - 00000000 ____D () C:\Program Files (x86)\YouTube Downloader
2014-10-31 11:34 - 2011-11-25 20:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-30 14:52 - 2011-05-10 18:14 - 00717842 _____ () C:\Windows\system32\perfh007.dat
2014-10-30 14:52 - 2011-05-10 18:14 - 00155394 _____ () C:\Windows\system32\perfc007.dat
2014-10-30 14:52 - 2009-07-14 06:13 - 01649036 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-30 10:18 - 2011-11-10 12:13 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-30 10:18 - 2011-10-27 14:12 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

Files to move or delete:
====================
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\Users\slati\UpdateTitle.exe


Some content of TEMP:
====================
C:\Users\slati\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

M-K-D-B · 28.11.2014, 21:12

Servus,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

slatini · 29.11.2014, 01:48

Code:

ATTFilter

ComboFix 14-11-25.01 - slati 29.11.2014   1:07.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.3691.1966 [GMT 1:00]
ausgeführt von:: c:\users\slati\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\RewardsArcade
c:\program files (x86)\RewardsArcade\appAPIinternalWrapper.js
c:\program files (x86)\RewardsArcade\fb.js
c:\program files (x86)\RewardsArcade\jquery.js
c:\program files (x86)\RewardsArcade\json.js
c:\program files (x86)\RewardsArcade\RewardsArcade.exe
c:\program files (x86)\RewardsArcade\Uninstall.exe
c:\program files (x86)\RewardsArcade\UserConfirmation.exe
c:\program files (x86)\TelevisionFanatic
c:\program files (x86)\TelevisionFanatic\bar\1.bin\LOGO.BMP
c:\program files (x86)\TelevisionFanatic\bar\gen1\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\Message\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\Settings\s_pid.dat
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\slati\AppData\Roaming\21c8b215a9d21b840dde1eac0a3f63972
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-10-28 bis 2014-11-29  ))))))))))))))))))))))))))))))
.
.
2014-11-29 00:25 . 2014-11-29 00:25	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2014-11-28 21:05 . 2014-11-02 04:20	11632448	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7526361C-6849-476D-86C0-DB8A52D193DF}\mpengine.dll
2014-11-28 14:04 . 2014-11-21 17:35	182304	----a-w-	c:\windows\SysWow64\EasyAntiCheat.exe
2014-11-26 12:05 . 2014-11-26 12:05	4443312	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-11-25 23:51 . 2014-11-27 23:54	--------	d-----w-	C:\FRST
2014-11-23 14:13 . 2014-11-23 14:14	--------	d-----w-	c:\users\slati\AppData\Local\LoiLo
2014-11-23 14:13 . 2014-11-23 14:13	--------	d-----w-	c:\program files\LoiLo
2014-11-23 14:13 . 2014-11-23 14:13	--------	d-----w-	c:\program files (x86)\Common Files\PX Storage Engine
2014-11-23 14:12 . 2014-11-23 14:12	--------	d-----w-	c:\program files (x86)\LoiLo
2014-11-21 16:14 . 2014-11-21 16:16	--------	d-----w-	c:\program files (x86)\Landwirtschafts Simulator 2011
2014-11-18 19:32 . 2014-11-11 03:08	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-18 19:32 . 2014-11-11 03:08	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-18 19:32 . 2014-11-11 02:44	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-18 19:32 . 2014-11-11 02:44	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-14 23:59 . 2014-11-14 23:59	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-11-14 23:57 . 2014-11-14 23:54	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-13 11:37 . 2014-11-13 11:37	--------	d-----w-	C:\Desktop
2014-11-13 10:08 . 2014-11-13 10:08	--------	d-----w-	c:\programdata\{65AB91D4-DDD0-48D4-804D-C24E1FC90D44}
2014-11-12 11:14 . 2014-11-12 11:14	--------	d-sh--w-	c:\users\slati\AppData\Local\EmieBrowserModeList
2014-11-12 09:58 . 2014-08-21 06:43	1882624	----a-w-	c:\windows\system32\msxml3.dll
2014-11-12 09:57 . 2014-10-14 02:13	3241984	----a-w-	c:\windows\system32\msi.dll
2014-11-12 09:57 . 2014-10-14 01:50	2363904	----a-w-	c:\windows\SysWow64\msi.dll
2014-11-12 09:57 . 2014-10-18 02:05	861696	----a-w-	c:\windows\system32\oleaut32.dll
2014-11-12 09:57 . 2014-10-18 01:33	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2014-11-05 15:21 . 2014-11-05 15:21	--------	d-----w-	c:\program files (x86)\YTD Toolbar
2014-11-05 15:21 . 2014-11-05 15:21	--------	d-----w-	c:\program files (x86)\Common Files\Spigot
2014-11-05 15:21 . 2014-11-05 15:21	--------	d-----w-	c:\program files (x86)\Application Updater
2014-11-01 15:37 . 2014-11-01 15:37	--------	d-----w-	c:\windows\SysWow64\RTCOM
2014-11-01 15:33 . 2014-06-09 12:52	1530048	----a-w-	c:\windows\system32\CX64APO.dll
2014-11-01 15:33 . 2013-10-11 11:47	113576	----a-w-	c:\windows\system32\CONEQMSAPOGUILibrary.dll
2014-11-01 15:33 . 2012-03-08 10:47	108640	----a-w-	c:\windows\system32\AERTAR64.dll
2014-11-01 15:33 . 2014-06-09 09:59	560328	----a-w-	c:\windows\system32\AERTAC64.dll
2014-11-01 15:25 . 2014-11-01 15:25	--------	d-----w-	c:\program files (x86)\TOH Class Filter
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-26 12:05 . 2012-10-18 23:17	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-26 12:05 . 2011-12-16 01:01	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 10:09 . 2011-11-08 06:04	103374192	----a-w-	c:\windows\system32\MRT.exe
2014-11-04 13:30 . 2010-11-21 03:27	275080	------w-	c:\windows\system32\MpSigStub.exe
2014-10-01 11:49 . 2013-05-02 09:53	43064	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-10-01 11:49 . 2013-04-30 08:09	131608	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-10-01 11:49 . 2013-04-30 08:09	119272	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-09-25 02:08 . 2014-10-01 05:45	371712	----a-w-	c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 05:45	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2014-09-11 12:57 . 2010-06-24 09:33	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-09 22:11 . 2014-09-24 13:31	2048	----a-w-	c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 13:31	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-16 23:06	424448	----a-w-	c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-16 23:06	372736	----a-w-	c:\windows\SysWow64\rastls.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-01-23 12:24	247704	----a-w-	c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
2014-10-10 13:06	1574208	----a-w-	c:\program files (x86)\YTD Toolbar\IE\9.9\ytdToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll" [2013-01-23 321944]
"{F3FEE66E-E034-436a-86E4-9690573BEE8A}"= "c:\program files (x86)\YTD Toolbar\IE\9.9\ytdToolbarIE.dll" [2014-10-10 1574208]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CLASSES_ROOT\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-04 336384]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-18 703736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-11-03 3835728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe;c:\program files (x86)\Xobni\XobniService.exe [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 EasyAntiCheatSys;EasyAntiCheatSys;c:\windows\system32\EasyAntiCheat.sys;c:\windows\SYSNATIVE\EasyAntiCheat.sys [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bserd.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-26 09:49	1087304	----a-w-	c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 12:05]
.
2014-11-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2041310051-869951282-1756680703-1001Core.job
- c:\users\slati\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-25 01:37]
.
2014-11-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2041310051-869951282-1756680703-1001UA.job
- c:\users\slati\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-25 01:37]
.
2014-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-25 21:36]
.
2014-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-25 21:36]
.
2014-11-28 c:\windows\Tasks\HPCeeScheduleForslati.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
2014-11-26 c:\windows\Tasks\SuperEasyDriverUpdater_UPDATES.job
- c:\program files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe [2014-09-11 10:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-10-13 799904]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-06-13 7634288]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-06-12 1386712]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-RewardsArcade - c:\program files (x86)\RewardsArcade\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-11-29  01:35:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-11-29 00:35
.
Vor Suchlauf: 17 Verzeichnis(se), 128.462.827.520 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 127.764.484.096 Bytes frei
.
- - End Of File - - 9F62E1DD6DBCB6ACD40682A770801747
A36C5E4F47E84449FF07ED3517B43A31

M-K-D-B · 29.11.2014, 15:38

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3
Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann.
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.

Starte Zoek.exe mit einem Doppelklick.
Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
Code:
ATTFilter
```
iedefaults;
resetIEproxy;
FFdefaults;
CHRdefaults;
emptyclsid;
         
```
Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
Wenn das Tool fertig ist, wird sich Notepad mit der Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:\ .
Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken).

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von Zoek,
die beiden neuen Logdateien von FRST.

slatini · 29.11.2014, 20:16

Code:

ATTFilter

# AdwCleaner v4.102 - Bericht erstellt am 29/11/2014 um 17:03:29
# Aktualisiert 23/11/2014 von Xplode
# Database : 2014-11-23.7 [Local]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : slati - SLATI-HP
# Gestartet von : C:\Users\slati\Desktop\AdwCleaner_4.102.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : Application Updater

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\InstallBrainService
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\appbario8
Ordner Gelöscht : C:\Program Files (x86)\Application Updater
Ordner Gelöscht : C:\Program Files (x86)\BabylonToolbar
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Ordner Gelöscht : C:\Program Files (x86)\Movie2KDownloader.com
Ordner Gelöscht : C:\Program Files (x86)\PC Performer
Ordner Gelöscht : C:\Program Files (x86)\YTD Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Spigot
Ordner Gelöscht : C:\Users\slati\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\slati\AppData\Local\RewardsArcade 
Ordner Gelöscht : C:\Users\slati\AppData\Local\TelevisionFanatic
Ordner Gelöscht : C:\Users\slati\AppData\LocalLow\appbario8
Ordner Gelöscht : C:\Users\slati\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\slati\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\slati\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\slati\AppData\LocalLow\iac
Ordner Gelöscht : C:\Users\slati\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\slati\AppData\LocalLow\TelevisionFanatic
Ordner Gelöscht : C:\Users\slati\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\slati\AppData\Roaming\BabylonToolbar
Ordner Gelöscht : C:\Users\slati\AppData\Roaming\Delta
Ordner Gelöscht : C:\Users\slati\AppData\Roaming\goforfiles
Ordner Gelöscht : C:\Users\slati\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\slati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Ordner Gelöscht : C:\Users\slati\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Ordner Gelöscht : C:\Users\slati\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm

***** [ Tasks ] *****

Task Gelöscht : GoforFilesUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RewardsArcade.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RewardsArcade.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RewardsArcade.FBApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RewardsArcade.FBApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RewardsArcade.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RewardsArcade.Sandbox.1
Schlüssel Gelöscht : HKCU\Software\5d538f8ae16aee48
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25514C64-8321-494E-BD3E-3DBAB3F8CEBA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{71E7B8AD-3CD6-4BDA-8E1F-1DB27269D14B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\Conduit
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\GoforFiles
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\GetPrivate
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\RewardsArcade
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Application Updater
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\GoforFiles
Schlüssel Gelöscht : HKLM\SOFTWARE\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{177586E7-E42E-4F38-83D1-D15B4AF5B714}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\primeshare.tv

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v


-\\ Google Chrome v39.0.2171.71


*************************

AdwCleaner[R0].txt - [16177 octets] - [29/11/2014 16:51:44]
AdwCleaner[S0].txt - [14532 octets] - [29/11/2014 17:03:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14593 octets] ##########

[CODE][ Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 29.11.2014 17:50:33, SYSTEM, SLATI-HP, Manual, Rootkit Database, 2014.9.18.1, 2014.11.22.1,
Protection, 29.11.2014 17:50:37, SYSTEM, SLATI-HP, Protection, Malware Protection, Starting,
Protection, 29.11.2014 17:50:37, SYSTEM, SLATI-HP, Protection, Malware Protection, Started,
Protection, 29.11.2014 17:50:37, SYSTEM, SLATI-HP, Protection, Malicious Website Protection, Starting,
Update, 29.11.2014 17:50:49, SYSTEM, SLATI-HP, Manual, Malware Database, 2014.9.19.5, 2014.11.29.5,
Protection, 29.11.2014 17:50:49, SYSTEM, SLATI-HP, Protection, Refresh, Starting,
Protection, 29.11.2014 17:51:14, SYSTEM, SLATI-HP, Protection, Malicious Website Protection, Started,
Protection, 29.11.2014 17:51:14, SYSTEM, SLATI-HP, Protection, Malicious Website Protection, Stopping,
Protection, 29.11.2014 17:51:14, SYSTEM, SLATI-HP, Protection, Malicious Website Protection, Stopped,
Protection, 29.11.2014 17:51:26, SYSTEM, SLATI-HP, Protection, Refresh, Success,
Protection, 29.11.2014 17:51:26, SYSTEM, SLATI-HP, Protection, Malicious Website Protection, Starting,
Protection, 29.11.2014 17:51:27, SYSTEM, SLATI-HP, Protection, Malicious Website Protection, Started,
Update, 29.11.2014 18:19:45, SYSTEM, SLATI-HP, Scheduler, Rootkit Database, 2014.11.22.1, 2014.11.29.1,
Update, 29.11.2014 18:20:03, SYSTEM, SLATI-HP, Scheduler, Malware Database, 2014.11.29.5, 2014.11.29.6,
Protection, 29.11.2014 18:20:03, SYSTEM, SLATI-HP, Protection, Refresh, Starting,
Protection, 29.11.2014 18:20:03, SYSTEM, SLATI-HP, Protection, Malicious Website Protection, Stopping,
Protection, 29.11.2014 18:20:03, SYSTEM, SLATI-HP, Protection, Malicious Website Protection, Stopped,
Protection, 29.11.2014 18:20:36, SYSTEM, SLATI-HP, Protection, Refresh, Success,
Protection, 29.11.2014 18:20:36, SYSTEM, SLATI-HP, Protection, Malicious Website Protection, Starting,
Protection, 29.11.2014 18:20:37, SYSTEM, SLATI-HP, Protection, Malicious Website Protection, Started,
Scan, 29.11.2014 18:28:00, SYSTEM, SLATI-HP, Manual, Start: % 1 "% 2", Dauer: % 1 min 23 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 146-Malwareerkennung,
Protection, 29.11.2014 18:31:26, SYSTEM, SLATI-HP, Protection, Malware Protection, Starting,
Protection, 29.11.2014 18:31:26, SYSTEM, SLATI-HP, Protection, Malware Protection, Started,
Protection, 29.11.2014 18:31:26, SYSTEM, SLATI-HP, Protection, Malicious Website Protection, Starting,
Protection, 29.11.2014 18:33:10, SYSTEM, SLATI-HP, Protection, Malicious Website Protection, Started,
Scan, 29.11.2014 19:15:20, SYSTEM, SLATI-HP, Manual, Start: % 1 "% 2", Dauer: % 1 min 27 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 0-Malwareerkennung,

(end)/CODE]

Code:

ATTFilter

[ Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 29.11.2014
Suchlauf-Zeit: 18:20:45
Logdatei: mbam2.txt
Administrator: Ja

Version: 0.00.0.0000
Malware Datenbank: v2014.11.29.06
Rootkit Datenbank: v2014.11.29.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: slati

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 341777
Verstrichene Zeit: 23 Min, 38 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.Kango.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A88DE8D3-9C38-4F0D-8981-A4C17F7677A1}, In Quarantäne, [3f4a0c3598e4b4828a634ab48181bb45], 
PUP.Optional.RewardsArcade.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dcmagccbogebndpoodhhhafmofelpffh, In Quarantäne, [5c2d8cb5463642f408f2b4b056ad4db3], 

Registrierungswerte: 1
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|crossriderapp498@crossrider.com, C:\Users\slati\AppData\Local\RewardsArcade\498\Firefox, In Quarantäne, [3158a29f87f5fb3b44f5d780966d42be]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 7
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\icons, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\theme, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\theme\bubble, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 

Dateien: 63
PUP.Optional.Spigot.A, C:\Windows\Installer\1aaf3b1f.msi, In Quarantäne, [7019370ae69645f1c24ad3f44bb67987], 
PUP.Optional.Kango.A, C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx, In Quarantäne, [3356b68b44383ff7976cf5b1bb49d828], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\b.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\background.html, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\config.xml, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\extension_info.json, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\f.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\id.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\jquery.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\KangoBHO.dll, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\KangoBHO64.dll, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\KangoEngine.exe, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\p.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\readme.txt, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\Uninstall.exe, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\icons\button.png, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\icons\icon100.png, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\icons\icon128.png, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\icons\icon32.png, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\icons\icon48.png, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\backgroundscript_engine.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\base.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\browser.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\console.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\global.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\i18n.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\initialize.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\invoke_async.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\io.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\json2.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\kango.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\lang.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\legacy.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\message_target.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\message_target_module.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\messaging.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\storage.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\timer.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\updater.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\userscript_client.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\userscript_engine.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\utils.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango\xhr.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\browser_button.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\context_menu.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\context_menu_item_handler.html, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\kango_api.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\notification.html, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\notifications.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\options.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\ui_base.js, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\theme\bubble\bottom-left.png, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\theme\bubble\bottom-middle.png, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\theme\bubble\bottom-right.png, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\theme\bubble\middle-left.png, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\theme\bubble\middle-right.png, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\theme\bubble\tail-bottom.png, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\theme\bubble\tail-left.png, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\theme\bubble\tail-right.png, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\theme\bubble\tail-top.png, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\theme\bubble\top-left.png, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\theme\bubble\top-middle.png, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 
PUP.Optional.Notificatoin.A, C:\Program Files (x86)\Notificatoin\1.0.0\kango-ui\theme\bubble\top-right.png, In Quarantäne, [3e4b78c9582437fff7fbd444857e8d73], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)/CODE]

Zoek.exe v5.0.0.0 Updated 28-11-2014
Tool run by slati on 29.11.2014 at 19:50:43,30.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\slati\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

29.11.2014 19:55:53 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.de/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{0EBD028D-67EE-4B28-B385-2CA85B3D7C91} Yahoo! Search Url="hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deAT494"

==== Reset Google Chrome ======================

C:\Users\slati\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences was reset successfully
C:\Users\slati\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data was reset successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 29.11.2014 at 20:00:23,81 ======================

[CODEScan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by slati (administrator) on SLATI-HP on 29-11-2014 20:05:27
Running from C:\Users\slati\Desktop
Loaded Profiles: slati &  (Available profiles: slati)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Avira) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-10-13] (Atheros Commnucations)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634288 2014-06-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1386712 2014-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-11-03] (LogMeIn Inc.)
HKU\S-1-5-21-2041310051-869951282-1756680703-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2041310051-869951282-1756680703-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2041310051-869951282-1756680703-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2041310051-869951282-1756680703-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2041310051-869951282-1756680703-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2041310051-869951282-1756680703-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-2041310051-869951282-1756680703-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2041310051-869951282-1756680703-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2041310051-869951282-1756680703-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-2041310051-869951282-1756680703-1001 -> {0EBD028D-67EE-4B28-B385-2CA85B3D7C91} URL = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2041310051-869951282-1756680703-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0EBD028D-67EE-4B28-B385-2CA85B3D7C91} URL = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2041310051-869951282-1756680703-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2041310051-869951282-1756680703-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpIdfPlugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\11\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2041310051-869951282-1756680703-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\slati\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-2041310051-869951282-1756680703-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\slati\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

Chrome: 
=======
CHR Profile: C:\Users\slati\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Theme Creator) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\akpelnjfckgfiplcikojhomllgombffc [2013-04-28]
CHR Extension: (Please enter your password) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2013-04-28]
CHR Extension: (Movie2kDownloader) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf [2013-04-07]
CHR Extension: (YouTube) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-28]
CHR Extension: (No Name) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcmagccbogebndpoodhhhafmofelpffh [2012-08-04]
CHR Extension: (Maze Manor Free) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ddmlblgpnpnnpmoegdiadppoehapkkej [2013-04-28]
CHR Extension: (Schoener Fernsehen) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efeockcajocplcngjmdkajcgipgmjjih [2013-04-28]
CHR Extension: (No Name) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-02-20]
CHR Extension: (PicMonkey) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2013-04-28]
CHR Extension: (Stupeflix Video Maker) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fkdmcfnoimoilncpjchamnenebopocem [2013-04-28]
CHR Extension: (Facebook for Chrome) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp [2013-04-28]
CHR Extension: (iPiccy Photo Editor) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2013-04-28]
CHR Extension: (Little Alchemy) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2013-04-28]
CHR Extension: (Webcam Toy) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfbgimoladefibpklnfmkpknadbklade [2013-04-28]
CHR Extension: (Skype Click to Call) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-08-04]
CHR Extension: (AudioSauna) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2013-04-28]
CHR Extension: (The Fancy Pants Adventure: World 2) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\loamdenijebhollnjgehcfbnpeelfhlk [2013-04-28]
CHR Extension: (Boomerang for Gmail) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2013-04-28]
CHR Extension: (Google Mail Checker) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-04-28]
CHR Extension: (Favorite Doodle) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nedjejdfkkjgebciefdfofjhmeogiaga [2013-04-28]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-04-28]
CHR Extension: (BrowserProtect) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pgafcinpmmpklohkojmllohdhomoefph [2013-02-20]
CHR Extension: (Akinator Web Genius) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\phjbcelanfbmkoghofajgepjabdbgncf [2013-04-28]
CHR Extension: (Gmail) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-28]
CHR Extension: (Learn Spanish - Qué Onda Spanish) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj [2013-04-28]
CHR Profile: C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-29]
CHR Extension: (Google Drive) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-29]
CHR Extension: (Movie2kDownloader 2) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf [2013-04-29]
CHR Extension: (YouTube) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-29]
CHR Extension: (Google Search) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-29]
CHR Extension: (RewardsArcade) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dcmagccbogebndpoodhhhafmofelpffh [2013-04-29]
CHR Extension: (Delta Toolbar) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-04-29]
CHR Extension: (Notificatoin) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm [2013-12-24]
CHR Extension: (Skype Click to Call) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-29]
CHR Extension: (Google Wallet) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]
CHR Extension: (Gmail) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-03-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [804144 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [993584 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [105120 2011-10-13] (Atheros Commnucations) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-11-21] (EasyAntiCheat Ltd)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-10-21] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-02-25] (Xobni Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-13] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2014-03-28] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2014-03-28] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-02-11] (Realtek Semiconductor Corporation                           )
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2009-09-19] (MCCI Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2013-04-24] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2013-04-24] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2013-04-24] (LG Electronics Inc.)
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EasyAntiCheatSys; \??\C:\Windows\system32\EasyAntiCheat.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 20:05 - 2014-11-29 20:06 - 00025102 _____ () C:\Users\slati\Desktop\FRST.txt
2014-11-29 19:55 - 2014-11-29 20:00 - 00002669 _____ () C:\zoek-results.log
2014-11-29 19:39 - 2014-11-29 19:39 - 00011752 _____ () C:\mbam2.txt
2014-11-29 19:38 - 2014-11-29 19:38 - 00002798 _____ () C:\mbam.txt
2014-11-29 17:50 - 2014-11-29 18:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-29 17:50 - 2014-11-29 17:50 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-29 17:50 - 2014-11-29 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-29 17:50 - 2014-11-29 17:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-29 17:50 - 2014-11-29 17:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-29 17:50 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-29 17:50 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-29 17:50 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-29 17:42 - 2014-11-29 17:42 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\slati\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-29 17:27 - 2014-11-29 17:27 - 00000000 ____D () C:\zoek_backup
2014-11-29 17:26 - 2014-11-29 17:26 - 01294848 _____ () C:\Users\slati\Desktop\zoek.exe
2014-11-29 16:51 - 2014-11-29 17:03 - 00000000 ____D () C:\AdwCleaner
2014-11-29 16:49 - 2014-11-29 16:49 - 02148864 _____ () C:\Users\slati\Desktop\AdwCleaner_4.102.exe
2014-11-29 01:35 - 2014-11-29 01:35 - 00029111 _____ () C:\ComboFix.txt
2014-11-29 01:25 - 2014-11-29 01:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-11-29 01:25 - 2014-11-29 01:25 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-11-29 01:04 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-29 01:04 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-29 01:04 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-29 01:04 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-29 01:04 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-29 01:04 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-29 01:04 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-29 01:04 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-29 00:52 - 2014-11-29 01:35 - 00000000 ____D () C:\Qoobox
2014-11-29 00:51 - 2014-11-29 01:31 - 00000000 ____D () C:\Windows\erdnt
2014-11-29 00:42 - 2014-11-29 00:42 - 05599228 ____R (Swearware) C:\Users\slati\Desktop\ComboFix.exe
2014-11-28 15:39 - 2014-11-28 15:39 - 00018356 _____ () C:\Users\slati\Documents\erste aufname.lsproj
2014-11-28 15:04 - 2014-11-21 18:35 - 00182304 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2014-11-28 00:52 - 2014-11-28 00:52 - 02117632 _____ (Farbar) C:\Users\slati\Desktop\FRST64.exe
2014-11-26 13:05 - 2014-11-26 13:05 - 04443312 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-26 00:51 - 2014-11-29 20:05 - 00000000 ____D () C:\FRST
2014-11-24 11:32 - 2014-11-24 11:32 - 00000000 ____D () C:\Users\slati\Documents\Neuer Ordner (3)
2014-11-23 15:16 - 2014-11-23 15:16 - 00000000 ____D () C:\Users\slati\Documents\LoiLo
2014-11-23 15:13 - 2014-11-23 15:14 - 00000000 ____D () C:\Users\slati\AppData\Local\LoiLo
2014-11-23 15:13 - 2014-11-23 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoiLoScope 2
2014-11-23 15:13 - 2014-11-23 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoiLo Game Recorder
2014-11-23 15:13 - 2014-11-23 15:13 - 00000000 ____D () C:\Program Files\LoiLo
2014-11-23 15:12 - 2014-11-23 15:12 - 00000000 ____D () C:\Program Files (x86)\LoiLo
2014-11-23 15:06 - 2014-11-23 15:09 - 74612920 _____ (LoiLo inc. ) C:\Users\slati\Downloads\LoiLoGameRecorder1.1.0.0.exe
2014-11-22 19:13 - 2014-11-25 01:28 - 00032870 _____ () C:\Users\slati\Documents\Ereignisse.txt
2014-11-21 17:16 - 2014-11-21 17:16 - 00001283 _____ () C:\Users\slati\Desktop\Landwirtschafts Simulator 2011  Platin-Edition.lnk
2014-11-21 17:16 - 2014-11-21 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011
2014-11-21 17:14 - 2014-11-21 17:16 - 00000000 ____D () C:\Program Files (x86)\Landwirtschafts Simulator 2011
2014-11-18 22:09 - 2014-11-29 18:30 - 00021192 _____ () C:\Windows\PFRO.log
2014-11-18 20:32 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 20:32 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 20:32 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 20:32 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-15 00:57 - 2014-11-15 00:54 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-15 00:57 - 2014-11-15 00:54 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-15 00:57 - 2014-11-15 00:54 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-14 08:23 - 2014-11-29 18:30 - 00001624 _____ () C:\Windows\setupact.log
2014-11-14 08:23 - 2014-11-14 08:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-13 12:37 - 2014-11-13 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-11-13 11:08 - 2014-11-13 11:08 - 00000000 ____D () C:\ProgramData\{65AB91D4-DDD0-48D4-804D-C24E1FC90D44}
2014-11-13 11:03 - 2014-11-13 11:04 - 37602760 _____ (Hewlett-Packard ) C:\Users\slati\Downloads\sp68201.exe
2014-11-12 12:27 - 2014-11-12 12:27 - 00003132 _____ () C:\Windows\System32\Tasks\{5225E1FC-9766-4764-8295-4CA1137F474E}
2014-11-12 12:26 - 2014-11-12 12:26 - 00003268 _____ () C:\Windows\System32\Tasks\{C68B1895-9181-4DDA-9FBD-C12AA809F0EC}
2014-11-12 12:24 - 2014-11-12 12:24 - 05073240 _____ (Microsoft Corporation) C:\Users\slati\Downloads\vcredist_x86.exe
2014-11-12 12:14 - 2014-11-12 12:14 - 00000000 __SHD () C:\Users\slati\AppData\Local\EmieBrowserModeList
2014-11-12 11:00 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 11:00 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 11:00 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 11:00 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 11:00 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 11:00 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 11:00 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 11:00 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 11:00 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 11:00 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 11:00 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 11:00 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 11:00 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 11:00 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 11:00 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 11:00 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 11:00 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 11:00 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 11:00 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 11:00 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 11:00 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 11:00 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 11:00 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 11:00 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 11:00 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 11:00 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 11:00 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 11:00 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 11:00 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 11:00 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 11:00 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 11:00 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 11:00 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 11:00 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 11:00 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 11:00 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 11:00 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 11:00 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 11:00 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 11:00 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 11:00 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 11:00 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 11:00 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 11:00 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 11:00 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 11:00 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 11:00 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 11:00 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 11:00 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 11:00 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 11:00 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 11:00 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 11:00 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 11:00 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 11:00 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 11:00 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 11:00 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 11:00 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 11:00 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 11:00 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 11:00 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 11:00 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 11:00 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 11:00 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 11:00 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 10:58 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 10:58 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 10:58 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 10:58 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 10:58 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 10:58 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 10:58 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 10:58 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 10:58 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 10:58 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 10:58 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 10:58 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 10:58 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 10:58 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 10:58 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 10:58 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 10:58 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 10:58 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 10:58 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 10:58 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 10:58 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 10:58 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 10:58 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 10:58 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 10:58 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 10:58 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 10:58 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 10:58 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 10:58 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 10:57 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 10:57 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 10:57 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 10:57 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-10 10:55 - 2014-11-10 10:55 - 00003002 _____ () C:\Windows\System32\Tasks\{D1F1D4D9-8964-43C7-9E03-C3D5CEF06300}
2014-11-01 16:37 - 2014-11-01 16:37 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-11-01 16:36 - 2014-06-17 19:27 - 04001752 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-11-01 16:36 - 2014-06-17 16:08 - 01205934 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-11-01 16:36 - 2014-06-17 15:41 - 64228864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-11-01 16:36 - 2014-06-17 13:32 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-11-01 16:36 - 2014-06-13 16:24 - 02804952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-11-01 16:36 - 2014-06-11 17:08 - 00949464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-11-01 16:36 - 2014-06-11 11:44 - 01024728 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-11-01 16:36 - 2014-06-09 16:57 - 02860248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-11-01 16:36 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-11-01 16:36 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-11-01 16:36 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-11-01 16:36 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2014-11-01 16:36 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-11-01 16:36 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-11-01 16:36 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-11-01 16:36 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-11-01 16:36 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-11-01 16:36 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-11-01 16:36 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-11-01 16:36 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2014-11-01 16:36 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2014-11-01 16:33 - 2014-06-09 13:52 - 01530048 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2014-11-01 16:33 - 2014-06-09 10:59 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-11-01 16:33 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-11-01 16:33 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-11-01 16:25 - 2014-11-01 16:25 - 00000000 ____D () C:\Program Files (x86)\TOH Class Filter
2014-10-30 14:48 - 2014-11-29 01:25 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 20:05 - 2013-12-28 08:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-29 20:04 - 2011-10-27 16:58 - 00000000 ____D () C:\Users\slati\Documents\Outlook-Dateien
2014-11-29 19:48 - 2011-11-25 20:13 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-29 18:42 - 2011-10-25 17:32 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2041310051-869951282-1756680703-1001UA.job
2014-11-29 18:40 - 2012-01-06 00:05 - 00000000 ____D () C:\Users\slati\AppData\Local\Apps\2.0
2014-11-29 18:39 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-29 18:39 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-29 18:37 - 2014-09-22 12:37 - 00000000 ____D () C:\Users\slati\AppData\Local\LogMeIn Hamachi
2014-11-29 18:36 - 2011-07-19 07:25 - 01858226 _____ () C:\Windows\WindowsUpdate.log
2014-11-29 18:31 - 2011-05-10 08:45 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-29 18:30 - 2011-11-25 20:13 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-29 18:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-29 14:54 - 2013-01-19 16:51 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B128F017-193C-4074-A4D7-E361C7E9F4F0}
2014-11-29 01:25 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-29 01:06 - 2011-10-25 20:08 - 00000000 ____D () C:\Users\slati\AppData\Roaming\Azureus
2014-11-28 15:13 - 2014-02-05 18:19 - 00000000 ____D () C:\Users\slati\AppData\Roaming\TS3Client
2014-11-28 14:59 - 2014-08-26 15:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-28 08:21 - 2014-09-14 12:45 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForslati
2014-11-28 08:21 - 2014-09-14 12:45 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForslati.job
2014-11-28 03:42 - 2011-10-25 17:32 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2041310051-869951282-1756680703-1001Core.job
2014-11-26 13:05 - 2013-12-28 08:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 13:05 - 2012-10-19 00:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 13:05 - 2011-12-16 02:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 10:50 - 2011-11-30 10:58 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-26 10:50 - 2011-10-27 16:58 - 00000000 ____D () C:\Users\slati\AppData\Local\Xobni
2014-11-26 10:20 - 2013-02-04 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Buchstaben Schablonen 1.0
2014-11-26 09:20 - 2014-09-11 08:17 - 00000326 _____ () C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job
2014-11-25 00:42 - 2011-10-26 09:48 - 00000000 ____D () C:\Users\slati\AppData\Local\CrashDumps
2014-11-23 15:29 - 2014-02-05 18:29 - 00000000 ___RD () C:\Users\slati\Desktop\raffi's ordner
2014-11-23 15:11 - 2014-08-27 14:38 - 00000000 ____D () C:\Fraps
2014-11-23 15:11 - 2014-08-26 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-21 17:21 - 2011-11-02 13:37 - 00000000 ____D () C:\Users\slati\Documents\My Games
2014-11-21 17:18 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-18 07:45 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-15 00:58 - 2013-10-23 02:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-15 00:54 - 2013-11-26 15:31 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-15 00:54 - 2013-10-23 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-15 00:53 - 2013-07-04 11:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-15 00:43 - 2011-11-25 20:13 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 00:43 - 2011-11-25 20:13 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 08:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-13 13:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 12:16 - 2011-05-10 08:52 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard
2014-11-13 12:15 - 2011-05-10 08:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-13 11:21 - 2011-05-10 08:33 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-11-13 00:52 - 2011-10-26 11:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 11:55 - 2009-07-14 05:45 - 00413864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 11:26 - 2013-07-16 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 11:09 - 2011-11-08 07:04 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-10 10:47 - 2014-08-18 07:41 - 00000000 ____D () C:\Users\slati\AppData\Local\Adobe
2014-11-08 13:22 - 2011-05-10 08:45 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-11-08 13:19 - 2011-02-10 20:23 - 00000000 ____D () C:\SWSetup
2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-01 16:38 - 2011-07-19 07:31 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-11-01 16:28 - 2014-09-11 13:22 - 00000000 ____D () C:\drivertemp
2014-11-01 01:24 - 2011-10-26 13:02 - 00000000 ____D () C:\Users\slati\AppData\Roaming\Skype
2014-10-31 11:43 - 2013-03-05 16:48 - 00000000 ____D () C:\Games
2014-10-31 11:42 - 2013-03-05 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2014-10-31 11:40 - 2011-11-16 19:53 - 00000000 ____D () C:\Program Files (x86)\YouTube Downloader
2014-10-31 11:34 - 2011-11-25 20:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-30 14:52 - 2011-05-10 18:14 - 00717842 _____ () C:\Windows\system32\perfh007.dat
2014-10-30 14:52 - 2011-05-10 18:14 - 00155394 _____ () C:\Windows\system32\perfc007.dat
2014-10-30 14:52 - 2009-07-14 06:13 - 01649036 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-30 10:18 - 2011-11-10 12:13 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-30 10:18 - 2011-10-27 14:12 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

Files to move or delete:
====================
C:\Users\slati\UpdateTitle.exe


Some content of TEMP:
====================
C:\Users\slati\AppData\Local\Temp\avgnt.exe
C:\Users\slati\AppData\Local\Temp\Quarantine.exe
C:\Users\slati\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
]

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by slati at 2014-11-29 20:07:10
Running from C:\Users\slati\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 2.0.0.27 - Qualcomm Atheros)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.100 - Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{E04A3037-2F82-C518-D6CA-A63497D3872F}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Avira System Speedup (HKLM-x32\...\AviraSpeedup) (Version: 1.3.1.9970 - Avira System Speedup)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Rig Europe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2011.0304.1135.20703 - Ihr Firmenname) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3726 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (HKLM\...\{EF3293DE-FCAC-4742-91BF-AD0174143FC3}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Hilfe (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{2BF8B295-A214-42AC-B4EC-2AE15E08B0E7}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{904822F1-6C7D-4B91-B936-6A1C0810544C}) (Version: 7.7.34.34 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}) (Version: 4.0.10.0 - Hewlett-Packard)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Keyboard & Mouse Driver (HKLM-x32\...\InstallShield_{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}) (Version: 5.1 - Driver Builder)
Keyboard & Mouse Driver (x32 Version: 5.1 - Driver Builder) Hidden
kmspctv (HKU\S-1-5-21-2041310051-869951282-1756680703-1001\...\56735e9401cc6ddb) (Version: 1.0.0.2 - kmspctv)
kmspctv (HKU\S-1-5-21-2041310051-869951282-1756680703-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\56735e9401cc6ddb) (Version: 1.0.0.2 - kmspctv)
Landwirtschafts Simulator 2011 (HKLM-x32\...\FarmingSimulator2011_PLATINUMDE_is1) (Version: 1.0 - GIANTS Software)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.11.3.0 - LG Electronics)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.266 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.266 - LogMeIn, Inc.) Hidden
LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.0 - LoiLo inc.)
LoiLoScope 2 (HKLM-x32\...\{CAB75FFC-2377-4B95-A8FA-C9234B812A92}_is1) (Version: 2.5.3.2 - LoiLo inc)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
MORE! 2 Grammar Practice (HKLM-x32\...\MoreGrammarPractice2.3409B17F0A9FD11E2FADD014AA775CBB274BFE20.1) (Version: V1.0 - Helbling Verlag GmbH)
MORE! 2 Grammar Practice (x32 Version: 1.0 - Helbling Verlag GmbH) Hidden
Mouse Driver (HKLM-x32\...\InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}) (Version: 5.1 - Driver Builder)
Mouse Driver (x32 Version: 5.1 - Driver Builder) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.34 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Schnapsen (HKLM-x32\...\ST4UNST #1) (Version:  - )
Shanghai: Great Moments version 2.0 (HKLM-x32\...\Shanghai: Great Moments) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten (HKLM\...\{7ABE6772-4A13-47F7-A09A-1D4CCB5981D9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SuperEasy Driver Updater v.1.1.1 (HKLM-x32\...\{039BC111-D60F-A6FF-85F4-7992EA886B8D}_is1) (Version: 1.1.1 - SuperEasy Software GmbH & Co. KG)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-2041310051-869951282-1756680703-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-2041310051-869951282-1756680703-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version:  - )
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App für HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13209 - Xobni Corp.)
Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden
YTD Toolbar v9.9 (HKLM-x32\...\{B7C0431E-3876-4757-B281-D635F3473FCC}) (Version: 9.9 - Spigot, Inc.) <==== ATTENTION
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2041310051-869951282-1756680703-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\slati\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points  =========================

21-11-2014 16:16:56 DirectX wurde installiert
25-11-2014 00:39:08 Removed YTD Toolbar v9.9.
25-11-2014 08:29:54 Windows Update
28-11-2014 21:03:51 Windows Update
29-11-2014 18:55:12 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-29 01:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {124E33FD-2267-4F76-96E9-76D2899B0CB5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-02-09] (CyberLink)
Task: {1B88277C-1D6C-4BF9-8D01-482341909A15} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2014-10-02] (Avira)
Task: {40EA8E46-8B57-4F87-8C39-27738C165566} - System32\Tasks\SuperEasyDriverUpdater_UPDATES => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe [2013-11-01] (SuperEasy Software)
Task: {4A37FC88-7DE2-471D-8C7A-C86820109C78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {57ACB57D-EB17-49D0-895D-F7FD2DD66833} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5E3DC189-AFFC-4039-893C-DFE6DCDE46FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {64770B1A-4FF3-4FA7-AA68-B4537735FF4F} - System32\Tasks\{697A4168-5125-49D3-BCDA-DE6828BE7C8C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.115/de/abandoninstall?page=tsProgressBar
Task: {68F5D154-A480-40C1-87BF-8C98C46D481D} - System32\Tasks\{19ED4A93-2FDF-44AC-B042-AD9B39135116} => C:\Users\slati\Downloads\Sprüche--und-Zitate-Lexikon\slx400.exe
Task: {6CFDB6FA-D8CF-40CF-88F7-1DE0E6A41928} - System32\Tasks\HPCeeScheduleForslati => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {75932DA9-A790-4FDA-AD08-E587CCB20C9A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {7B24E341-BD99-4D2A-B35C-95AA7DF1C9A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {914E8D18-5153-4C33-8FE0-AF3F6CB9EE57} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2041310051-869951282-1756680703-1001UA => C:\Users\slati\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {ACDEC3D6-F50F-477C-830C-1DAA712661D9} - System32\Tasks\{D1F1D4D9-8964-43C7-9E03-C3D5CEF06300} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {DBEC0D97-0076-41D4-B7FC-7AD1B4F5D127} - System32\Tasks\{2BC744D4-802C-4288-9B7D-019052A112BD} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.115/de/abandoninstall?page=tsProgressBar
Task: {DC0B6C32-F81A-478B-A118-7F2366FED449} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2041310051-869951282-1756680703-1001Core => C:\Users\slati\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {DFFA0BC6-9270-4920-8600-AE1B34BB4711} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {E90EF638-C722-4AB2-BFA1-33FDDEB55802} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2041310051-869951282-1756680703-1001Core.job => C:\Users\slati\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2041310051-869951282-1756680703-1001UA.job => C:\Users\slati\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForslati.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe

==================== Loaded Modules (whitelisted) =============

2011-12-12 12:12 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-03-04 11:43 - 2011-03-04 11:43 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2011-03-04 11:44 - 2011-03-04 11:44 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2010-07-21 13:33 - 2010-07-21 13:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2011-03-04 11:44 - 2011-03-04 11:44 - 00102912 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-03-11 14:32 - 2011-03-11 14:32 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: (default) => 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2041310051-869951282-1756680703-500 - Administrator - Disabled)
Gast (S-1-5-21-2041310051-869951282-1756680703-501 - Limited - Disabled)
slati (S-1-5-21-2041310051-869951282-1756680703-1001 - Administrator - Enabled) => C:\Users\slati

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/29/2014 06:32:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/29/2014 06:30:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1154, Zeitstempel: 0x517c7e3a
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1154, Zeitstempel: 0x517c7e3a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002e749
ID des fehlerhaften Prozesses: 0x484
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3

Error: (11/29/2014 06:30:23 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (11/29/2014 06:30:23 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (11/29/2014 05:06:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/29/2014 05:05:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1154, Zeitstempel: 0x517c7e3a
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1154, Zeitstempel: 0x517c7e3a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002e749
ID des fehlerhaften Prozesses: 0x47c
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3

Error: (11/29/2014 05:05:05 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (11/29/2014 05:05:05 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (11/29/2014 11:07:16 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (11/29/2014 10:11:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/29/2014 06:33:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.

Error: (11/29/2014 06:30:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/29/2014 06:30:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (11/29/2014 05:05:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/29/2014 05:05:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (11/29/2014 05:03:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Software Framework Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/29/2014 05:03:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/29/2014 05:03:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/29/2014 05:03:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Wireless Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/29/2014 05:03:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================

M-K-D-B · 30.11.2014, 13:19

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2041310051-869951282-1756680703-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2041310051-869951282-1756680703-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-2041310051-869951282-1756680703-1001 -> {0EBD028D-67EE-4B28-B385-2CA85B3D7C91} URL = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2041310051-869951282-1756680703-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0EBD028D-67EE-4B28-B385-2CA85B3D7C91} URL = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
CHR Extension: (Movie2kDownloader) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf [2013-04-07]
CHR Extension: (No Name) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcmagccbogebndpoodhhhafmofelpffh [2012-08-04]
CHR Extension: (No Name) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-02-20]
CHR Extension: (BrowserProtect) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pgafcinpmmpklohkojmllohdhomoefph [2013-02-20]
CHR Extension: (Movie2kDownloader 2) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf [2013-04-29]
CHR Extension: (RewardsArcade) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dcmagccbogebndpoodhhhafmofelpffh [2013-04-29]
CHR Extension: (Delta Toolbar) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-04-29]
CHR Extension: (Notificatoin) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm [2013-12-24]
Task: {40EA8E46-8B57-4F87-8C39-27738C165566} - System32\Tasks\SuperEasyDriverUpdater_UPDATES => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe [2013-11-01] (SuperEasy Software)
Task: C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
C:\Program Files (x86)\SuperEasy Software
C:\Users\slati\UpdateTitle.exe
DeleteJunctionsIndirectory: C:\Windows\system64
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:filefind
*SuperEasy Software*

:folderfind
*SuperEasy Software*

:regfind
YTD Toolbar
Spigot
Notificatoin
SuperEasy Software
Delta Toolbar
BrowserProtect
Movie2kDownloader

Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

Schritt 3

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von SystemLook,
die beiden neuen Logdateien von FRST.

slatini · 30.11.2014, 18:44

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by slati at 2014-11-30 15:45:37 Run:1
Running from C:\Users\slati\Desktop
Loaded Profiles: slati &  (Available profiles: slati)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2041310051-869951282-1756680703-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2041310051-869951282-1756680703-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-2041310051-869951282-1756680703-1001 -> {0EBD028D-67EE-4B28-B385-2CA85B3D7C91} URL = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2041310051-869951282-1756680703-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0EBD028D-67EE-4B28-B385-2CA85B3D7C91} URL = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
CHR Extension: (Movie2kDownloader) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf [2013-04-07]
CHR Extension: (No Name) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcmagccbogebndpoodhhhafmofelpffh [2012-08-04]
CHR Extension: (No Name) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-02-20]
CHR Extension: (BrowserProtect) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pgafcinpmmpklohkojmllohdhomoefph [2013-02-20]
CHR Extension: (Movie2kDownloader 2) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf [2013-04-29]
CHR Extension: (RewardsArcade) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dcmagccbogebndpoodhhhafmofelpffh [2013-04-29]
CHR Extension: (Delta Toolbar) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-04-29]
CHR Extension: (Notificatoin) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm [2013-12-24]
Task: {40EA8E46-8B57-4F87-8C39-27738C165566} - System32\Tasks\SuperEasyDriverUpdater_UPDATES => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe [2013-11-01] (SuperEasy Software)
Task: C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
C:\Program Files (x86)\SuperEasy Software
C:\Users\slati\UpdateTitle.exe
DeleteJunctionsIndirectory: C:\Windows\system64
EmptyTemp:
end
         
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2041310051-869951282-1756680703-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2041310051-869951282-1756680703-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key not found.
"HKU\S-1-5-21-2041310051-869951282-1756680703-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0EBD028D-67EE-4B28-B385-2CA85B3D7C91}" => Key deleted successfully.
"HKCR\CLSID\{0EBD028D-67EE-4B28-B385-2CA85B3D7C91}" => Key not found.
"HKU\S-1-5-21-2041310051-869951282-1756680703-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0EBD028D-67EE-4B28-B385-2CA85B3D7C91}" => Key deleted successfully.
"HKCR\CLSID\{0EBD028D-67EE-4B28-B385-2CA85B3D7C91}" => Key not found.
C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf => Moved successfully.
C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcmagccbogebndpoodhhhafmofelpffh => Moved successfully.
C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eooncjejnppfjjklapaamhcdmjbilmde => Moved successfully.
C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pgafcinpmmpklohkojmllohdhomoefph => Moved successfully.
C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf => Moved successfully.
C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dcmagccbogebndpoodhhhafmofelpffh => Moved successfully.
C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eooncjejnppfjjklapaamhcdmjbilmde => Moved successfully.
C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40EA8E46-8B57-4F87-8C39-27738C165566}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40EA8E46-8B57-4F87-8C39-27738C165566}" => Key deleted successfully.
C:\Windows\System32\Tasks\SuperEasyDriverUpdater_UPDATES => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SuperEasyDriverUpdater_UPDATES" => Key deleted successfully.
C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job => Moved successfully.
C:\Program Files (x86)\SuperEasy Software => Moved successfully.
C:\Users\slati\UpdateTitle.exe => Moved successfully.
"C:\Windows\system64" => Deleting reparse point and unlocking started.
"C:\Windows\system64" => Deleting reparse point and unlocking done.
"C:\Windows\system64" => Deleting reparse point and unlocking completed.
EmptyTemp: => Removed 206 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

Code:

ATTFilter

[SystemLook 30.07.11 by jpshortstuff
Log created at 18:08 on 30/11/2014 by slati
Administrator - Elevation successful

========== filefind ==========

Searching for "*SuperEasy Software*"
No files found.

========== folderfind ==========

Searching for "*SuperEasy Software*"
C:\FRST\Quarantine\C\Program Files (x86)\SuperEasy Software	d------	[07:17 11/09/2014]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software	d------	[07:17 11/09/2014]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\SuperEasy Software	d------	[07:17 11/09/2014]
C:\Users\slati\AppData\Roaming\SuperEasy Software	d------	[07:17 11/09/2014]

========== regfind ==========

Searching for "YTD Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E1340C7B678375742B186D533F74F3CC]
"ProductName"="YTD Toolbar v9.9"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\YTD Toolbar\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\YTD Toolbar\IE\9.9\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\YTD Toolbar\IE\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\YTD Toolbar\Res\Lang\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\YTD Toolbar\Res\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1039F8C12A30A304D910F4156F6CB9D6]
"E1340C7B678375742B186D533F74F3CC"="C:\Program Files (x86)\YTD Toolbar\IE\9.9\ytdToolbarIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23B4B261A2ECC1943BE70631F436E48A]
"E1340C7B678375742B186D533F74F3CC"="C:\Program Files (x86)\YTD Toolbar\Res\Lang\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38FE02D4E14502B43B7E7F7DAEA50FF6]
"E1340C7B678375742B186D533F74F3CC"="C:\Program Files (x86)\YTD Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\854D7616DD752AA439F2BD7B7AA4E253]
"E1340C7B678375742B186D533F74F3CC"="C:\Program Files (x86)\YTD Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BB8027A57AF3E499094F178F81F04C]
"E1340C7B678375742B186D533F74F3CC"="C:\Program Files (x86)\YTD Toolbar\WidgiHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD1B33C4DAE26564DBAE2830EF3B9014]
"E1340C7B678375742B186D533F74F3CC"="C:\Program Files (x86)\YTD Toolbar\Res\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E1340C7B678375742B186D533F74F3CC\InstallProperties]
"DisplayName"="YTD Toolbar v9.9"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E1340C7B678375742B186D533F74F3CC\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\YTD Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"RestoreStatusDescription"="Removed YTD Toolbar v9.9."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B7C0431E-3876-4757-B281-D635F3473FCC}]
"DisplayName"="YTD Toolbar v9.9"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B7C0431E-3876-4757-B281-D635F3473FCC}]
"InstallLocation"="C:\Program Files (x86)\YTD Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\YTD]
"installDir"="C:\Program Files (x86)\YTD Toolbar\"

Searching for "Spigot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings]
"command"=""C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Common Files\Spigot\Search Settings\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Common Files\Spigot\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3157AA407841454BB0C9BE8D1982BC9]
"E1340C7B678375742B186D533F74F3CC"="C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E1340C7B678375742B186D533F74F3CC\InstallProperties]
"Publisher"="Spigot, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B7C0431E-3876-4757-B281-D635F3473FCC}]
"Publisher"="Spigot, Inc."

Searching for "Notificatoin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{A88DE8D3-9C38-4F0D-8981-A4C17F7677A1}]
@="C:\Program Files (x86)\Notificatoin"

Searching for "SuperEasy Software"
[HKEY_CURRENT_USER\Software\SuperEasy Software]
[HKEY_CURRENT_USER\Software\SuperEasy Software\Driver Updater]
"InstalledPath"="C:\Program Files (x86)\SuperEasy Software\Driver Updater"
[HKEY_CURRENT_USER\Software\SuperEasy Software\Driver Updater]
"Download Path"="C:\Users\slati\AppData\Roaming\SuperEasy Software\Driver Updater\Download\"
[HKEY_CURRENT_USER\Software\SuperEasy Software\Driver Updater]
"Backup Path"="C:\Users\slati\AppData\Roaming\SuperEasy Software\Driver Updater\Backup\"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe"="SuperEasy Driver Updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{039BC111-D60F-A6FF-85F4-7992EA886B8D}_is1]
"Inno Setup: App Path"="C:\Program Files (x86)\SuperEasy Software\Driver Updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{039BC111-D60F-A6FF-85F4-7992EA886B8D}_is1]
"InstallLocation"="C:\Program Files (x86)\SuperEasy Software\Driver Updater\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{039BC111-D60F-A6FF-85F4-7992EA886B8D}_is1]
"Inno Setup: Icon Group"="SuperEasy Software\Driver Updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{039BC111-D60F-A6FF-85F4-7992EA886B8D}_is1]
"DisplayIcon"="C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{039BC111-D60F-A6FF-85F4-7992EA886B8D}_is1]
"UninstallString"=""C:\Program Files (x86)\SuperEasy Software\Driver Updater\unins000.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{039BC111-D60F-A6FF-85F4-7992EA886B8D}_is1]
"QuietUninstallString"=""C:\Program Files (x86)\SuperEasy Software\Driver Updater\unins000.exe" /SILENT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{039BC111-D60F-A6FF-85F4-7992EA886B8D}_is1]
"Publisher"="SuperEasy Software GmbH & Co. KG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SuperEasy Software]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SuperEasy Software\Driver Updater]
"AppDir"="C:\Program Files (x86)\SuperEasy Software\Driver Updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SuperEasy Software\Driver Updater]
"InstalledPath"="C:\Program Files (x86)\SuperEasy Software\Driver Updater"
[HKEY_USERS\S-1-5-21-2041310051-869951282-1756680703-1001\Software\SuperEasy Software]
[HKEY_USERS\S-1-5-21-2041310051-869951282-1756680703-1001\Software\SuperEasy Software\Driver Updater]
"InstalledPath"="C:\Program Files (x86)\SuperEasy Software\Driver Updater"
[HKEY_USERS\S-1-5-21-2041310051-869951282-1756680703-1001\Software\SuperEasy Software\Driver Updater]
"Download Path"="C:\Users\slati\AppData\Roaming\SuperEasy Software\Driver Updater\Download\"
[HKEY_USERS\S-1-5-21-2041310051-869951282-1756680703-1001\Software\SuperEasy Software\Driver Updater]
"Backup Path"="C:\Users\slati\AppData\Roaming\SuperEasy Software\Driver Updater\Backup\"
[HKEY_USERS\S-1-5-21-2041310051-869951282-1756680703-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe"="SuperEasy Driver Updater"
[HKEY_USERS\S-1-5-21-2041310051-869951282-1756680703-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe"="SuperEasy Driver Updater"

Searching for "Delta Toolbar"
No data found.

Searching for "BrowserProtect"
No data found.

Searching for "Movie2kDownloader"
No data found.

Searching for "         "
[HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0]
"Identifier"="SAMSUNG HM321HI         2AJ1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\System Properties]
"productname"="HP 635 Notebook PC              "
[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\SystemProperties]
"productname"="HP 635 Notebook PC              "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{FB4DF37C-8E7A-49C8-9830-312C4084C6C5}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{464299D0-6D57-47e8-AA53-A849CBEA12CB}"/>
            <Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{9236ED52-B5FE-4227-8EB3-353C0BDABECF}"/>
        </Ratings>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="2.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Resource>                 </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Hewlett-Packard\System Properties]
"productname"="HP 635 Notebook PC              "
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Hewlett-Packard\SystemProperties]
"productname"="HP 635 Notebook PC              "
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                         <InitializationParameters>                             <Param Name="PSVersion" Value="2.0"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                 <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                                
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Live\Common]
"PCModel"="HP 635 Notebook PC              "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#10100719002000&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_8.07#E8699FA3&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001BFAE61B&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_U2&REV_0000#0CAC0006000000010A3EB43B0801E014&0#]
"DeviceDesc"="U2              "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_U2&REV_0000#0D06000600000001014FC42B0901F019&0#]
"DeviceDesc"="U2              "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_U2&REV_0000#3DF00006000000010913E9AD1400801D&0#]
"DeviceDesc"="U2              "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SAMSUNG&PROD_SDCARD&REV_0064#6&23E233B2&0&0_&0#]
"DeviceDesc"="sdcard          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#10100719002000&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_8.07#E8699FA3&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001BFAE61B&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_U2&REV_0000#0CAC0006000000010A3EB43B0801E014&0#]
"DeviceDesc"="U2              "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_U2&REV_0000#0D06000600000001014FC42B0901F019&0#]
"DeviceDesc"="U2              "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_U2&REV_0000#3DF00006000000010913E9AD1400801D&0#]
"DeviceDesc"="U2              "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SAMSUNG&PROD_SDCARD&REV_0064#6&23E233B2&0&0_&0#]
"DeviceDesc"="sdcard          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#10100719002000&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_8.07#E8699FA3&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001BFAE61B&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_U2&REV_0000#0CAC0006000000010A3EB43B0801E014&0#]
"DeviceDesc"="U2              "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_U2&REV_0000#0D06000600000001014FC42B0901F019&0#]
"DeviceDesc"="U2              "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_U2&REV_0000#3DF00006000000010913E9AD1400801D&0#]
"DeviceDesc"="U2              "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SAMSUNG&PROD_SDCARD&REV_0064#6&23E233B2&0&0_&0#]
"DeviceDesc"="sdcard          "

-= EOF =-/CODE]

[CODEScan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2014
Ran by slati (administrator) on SLATI-HP on 30-11-2014 18:36:41
Running from C:\Users\slati\Desktop
Loaded Profile: slati (Available profiles: slati)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-10-13] (Atheros Commnucations)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634288 2014-06-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1386712 2014-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-11-03] (LogMeIn Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKU\S-1-5-21-2041310051-869951282-1756680703-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2041310051-869951282-1756680703-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2041310051-869951282-1756680703-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-2041310051-869951282-1756680703-1001 -> DefaultScope {E1D1361D-DD03-411E-98A2-80B97E99B54B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2041310051-869951282-1756680703-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2041310051-869951282-1756680703-1001 -> {E1D1361D-DD03-411E-98A2-80B97E99B54B} URL = https://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2041310051-869951282-1756680703-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpIdfPlugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\11\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2041310051-869951282-1756680703-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\slati\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

Chrome: 
=======
CHR Profile: C:\Users\slati\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Theme Creator) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\akpelnjfckgfiplcikojhomllgombffc [2013-04-28]
CHR Extension: (Please enter your password) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2013-04-28]
CHR Extension: (YouTube) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-28]
CHR Extension: (Maze Manor Free) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ddmlblgpnpnnpmoegdiadppoehapkkej [2013-04-28]
CHR Extension: (Schoener Fernsehen) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efeockcajocplcngjmdkajcgipgmjjih [2013-04-28]
CHR Extension: (PicMonkey) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2013-04-28]
CHR Extension: (Stupeflix Video Maker) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fkdmcfnoimoilncpjchamnenebopocem [2013-04-28]
CHR Extension: (Facebook for Chrome) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp [2013-04-28]
CHR Extension: (iPiccy Photo Editor) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2013-04-28]
CHR Extension: (Little Alchemy) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2013-04-28]
CHR Extension: (Webcam Toy) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfbgimoladefibpklnfmkpknadbklade [2013-04-28]
CHR Extension: (Skype Click to Call) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-08-04]
CHR Extension: (AudioSauna) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2013-04-28]
CHR Extension: (The Fancy Pants Adventure: World 2) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\loamdenijebhollnjgehcfbnpeelfhlk [2013-04-28]
CHR Extension: (Boomerang for Gmail) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2013-04-28]
CHR Extension: (Google Mail Checker) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-04-28]
CHR Extension: (Favorite Doodle) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nedjejdfkkjgebciefdfofjhmeogiaga [2013-04-28]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-04-28]
CHR Extension: (Akinator Web Genius) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\phjbcelanfbmkoghofajgepjabdbgncf [2013-04-28]
CHR Extension: (Gmail) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-28]
CHR Extension: (Learn Spanish - Qué Onda Spanish) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj [2013-04-28]
CHR Profile: C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Präsentationen) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-29]
CHR Extension: (Docs) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-29]
CHR Extension: (Google Drive) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-29]
CHR Extension: (YouTube) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-29]
CHR Extension: (Google-Suche) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-29]
CHR Extension: (Skype Click to Call) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-29]
CHR Extension: (Google Wallet) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]
CHR Extension: (Google Mail) - C:\Users\slati\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-03-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [804144 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [993584 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [105120 2011-10-13] (Atheros Commnucations) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-11-21] (EasyAntiCheat Ltd)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-10-21] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-02-25] (Xobni Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-13] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2014-03-28] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2014-03-28] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-02-11] (Realtek Semiconductor Corporation                           )
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2009-09-19] (MCCI Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2013-04-24] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2013-04-24] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2013-04-24] (LG Electronics Inc.)
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EasyAntiCheatSys; \??\C:\Windows\system32\EasyAntiCheat.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 18:36 - 2014-11-30 18:37 - 00022658 _____ () C:\Users\slati\Desktop\FRST.txt
2014-11-30 18:36 - 2014-11-30 18:36 - 00000000 ____D () C:\Users\slati\Desktop\FRST-OlderVersion
2014-11-30 18:08 - 2014-11-30 18:19 - 00032784 _____ () C:\Users\slati\Desktop\SystemLook.txt
2014-11-30 18:05 - 2014-11-30 18:05 - 00165376 _____ () C:\Users\slati\Desktop\SystemLook_x64.exe
2014-11-29 19:55 - 2014-11-29 20:00 - 00002669 _____ () C:\zoek-results.log
2014-11-29 19:39 - 2014-11-29 19:39 - 00011752 _____ () C:\mbam2.txt
2014-11-29 19:38 - 2014-11-29 19:38 - 00002798 _____ () C:\mbam.txt
2014-11-29 17:50 - 2014-11-30 18:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-29 17:50 - 2014-11-29 17:50 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-29 17:50 - 2014-11-29 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-29 17:50 - 2014-11-29 17:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-29 17:50 - 2014-11-29 17:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-29 17:50 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-29 17:50 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-29 17:50 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-29 17:42 - 2014-11-29 17:42 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\slati\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-29 17:27 - 2014-11-29 17:27 - 00000000 ____D () C:\zoek_backup
2014-11-29 16:51 - 2014-11-29 17:03 - 00000000 ____D () C:\AdwCleaner
2014-11-29 16:49 - 2014-11-29 16:49 - 02148864 _____ () C:\Users\slati\Desktop\AdwCleaner_4.102.exe
2014-11-29 01:35 - 2014-11-29 01:35 - 00029111 _____ () C:\ComboFix.txt
2014-11-29 01:25 - 2014-11-29 01:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-11-29 01:25 - 2014-11-29 01:25 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-11-29 01:04 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-29 01:04 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-29 01:04 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-29 01:04 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-29 01:04 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-29 01:04 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-29 01:04 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-29 01:04 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-29 00:52 - 2014-11-29 01:35 - 00000000 ____D () C:\Qoobox
2014-11-29 00:51 - 2014-11-29 01:31 - 00000000 ____D () C:\Windows\erdnt
2014-11-29 00:42 - 2014-11-29 00:42 - 05599228 ____R (Swearware) C:\Users\slati\Desktop\ComboFix.exe
2014-11-28 15:39 - 2014-11-28 15:39 - 00018356 _____ () C:\Users\slati\Documents\erste aufname.lsproj
2014-11-28 15:04 - 2014-11-21 18:35 - 00182304 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2014-11-28 00:52 - 2014-11-30 18:36 - 02117120 _____ (Farbar) C:\Users\slati\Desktop\FRST64.exe
2014-11-26 13:05 - 2014-11-26 13:05 - 04443312 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-26 00:51 - 2014-11-30 18:36 - 00000000 ____D () C:\FRST
2014-11-24 11:32 - 2014-11-24 11:32 - 00000000 ____D () C:\Users\slati\Documents\Neuer Ordner (3)
2014-11-23 15:16 - 2014-11-23 15:16 - 00000000 ____D () C:\Users\slati\Documents\LoiLo
2014-11-23 15:13 - 2014-11-23 15:14 - 00000000 ____D () C:\Users\slati\AppData\Local\LoiLo
2014-11-23 15:13 - 2014-11-23 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoiLoScope 2
2014-11-23 15:13 - 2014-11-23 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoiLo Game Recorder
2014-11-23 15:13 - 2014-11-23 15:13 - 00000000 ____D () C:\Program Files\LoiLo
2014-11-23 15:12 - 2014-11-23 15:12 - 00000000 ____D () C:\Program Files (x86)\LoiLo
2014-11-23 15:06 - 2014-11-23 15:09 - 74612920 _____ (LoiLo inc. ) C:\Users\slati\Downloads\LoiLoGameRecorder1.1.0.0.exe
2014-11-22 19:13 - 2014-11-25 01:28 - 00032870 _____ () C:\Users\slati\Documents\Ereignisse.txt
2014-11-21 17:16 - 2014-11-21 17:16 - 00001283 _____ () C:\Users\slati\Desktop\Landwirtschafts Simulator 2011  Platin-Edition.lnk
2014-11-21 17:16 - 2014-11-21 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011
2014-11-21 17:14 - 2014-11-21 17:16 - 00000000 ____D () C:\Program Files (x86)\Landwirtschafts Simulator 2011
2014-11-18 22:09 - 2014-11-29 20:26 - 00021778 _____ () C:\Windows\PFRO.log
2014-11-18 20:32 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 20:32 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 20:32 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 20:32 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-15 00:57 - 2014-11-15 00:54 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-15 00:57 - 2014-11-15 00:54 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-15 00:57 - 2014-11-15 00:54 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-14 08:23 - 2014-11-30 16:46 - 00001792 _____ () C:\Windows\setupact.log
2014-11-14 08:23 - 2014-11-14 08:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-13 12:37 - 2014-11-13 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-11-13 11:08 - 2014-11-13 11:08 - 00000000 ____D () C:\ProgramData\{65AB91D4-DDD0-48D4-804D-C24E1FC90D44}
2014-11-13 11:03 - 2014-11-13 11:04 - 37602760 _____ (Hewlett-Packard ) C:\Users\slati\Downloads\sp68201.exe
2014-11-12 12:27 - 2014-11-12 12:27 - 00003132 _____ () C:\Windows\System32\Tasks\{5225E1FC-9766-4764-8295-4CA1137F474E}
2014-11-12 12:26 - 2014-11-12 12:26 - 00003268 _____ () C:\Windows\System32\Tasks\{C68B1895-9181-4DDA-9FBD-C12AA809F0EC}
2014-11-12 12:24 - 2014-11-12 12:24 - 05073240 _____ (Microsoft Corporation) C:\Users\slati\Downloads\vcredist_x86.exe
2014-11-12 12:14 - 2014-11-12 12:14 - 00000000 __SHD () C:\Users\slati\AppData\Local\EmieBrowserModeList
2014-11-12 11:00 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 11:00 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 11:00 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 11:00 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 11:00 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 11:00 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 11:00 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 11:00 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 11:00 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 11:00 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 11:00 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 11:00 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 11:00 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 11:00 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 11:00 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 11:00 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 11:00 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 11:00 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 11:00 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 11:00 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 11:00 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 11:00 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 11:00 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 11:00 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 11:00 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 11:00 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 11:00 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 11:00 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 11:00 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 11:00 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 11:00 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 11:00 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 11:00 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 11:00 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 11:00 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 11:00 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 11:00 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 11:00 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 11:00 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 11:00 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 11:00 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 11:00 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 11:00 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 11:00 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 11:00 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 11:00 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 11:00 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 11:00 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 11:00 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 11:00 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 11:00 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 11:00 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 11:00 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 11:00 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 11:00 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 11:00 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 11:00 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 11:00 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 11:00 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 11:00 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 11:00 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 11:00 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 11:00 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 11:00 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 11:00 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 10:58 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 10:58 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 10:58 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 10:58 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 10:58 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 10:58 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 10:58 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 10:58 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 10:58 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 10:58 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 10:58 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 10:58 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 10:58 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 10:58 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 10:58 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 10:58 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 10:58 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 10:58 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 10:58 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 10:58 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 10:58 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 10:58 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 10:58 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 10:58 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 10:58 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 10:58 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 10:58 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 10:58 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 10:58 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 10:57 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 10:57 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 10:57 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 10:57 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-10 10:55 - 2014-11-10 10:55 - 00003002 _____ () C:\Windows\System32\Tasks\{D1F1D4D9-8964-43C7-9E03-C3D5CEF06300}
2014-11-01 16:37 - 2014-11-01 16:37 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-11-01 16:36 - 2014-06-17 19:27 - 04001752 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-11-01 16:36 - 2014-06-17 16:08 - 01205934 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-11-01 16:36 - 2014-06-17 15:41 - 64228864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-11-01 16:36 - 2014-06-17 13:32 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-11-01 16:36 - 2014-06-13 16:24 - 02804952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-11-01 16:36 - 2014-06-11 17:08 - 00949464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-11-01 16:36 - 2014-06-11 11:44 - 01024728 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-11-01 16:36 - 2014-06-09 16:57 - 02860248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-11-01 16:36 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-11-01 16:36 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-11-01 16:36 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-11-01 16:36 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2014-11-01 16:36 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-11-01 16:36 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-11-01 16:36 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-11-01 16:36 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-11-01 16:36 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-11-01 16:36 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-11-01 16:36 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-11-01 16:36 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2014-11-01 16:36 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2014-11-01 16:33 - 2014-06-09 13:52 - 01530048 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2014-11-01 16:33 - 2014-06-09 10:59 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-11-01 16:33 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-11-01 16:33 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-11-01 16:25 - 2014-11-01 16:25 - 00000000 ____D () C:\Program Files (x86)\TOH Class Filter

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 18:05 - 2013-12-28 08:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-30 18:01 - 2011-10-27 16:58 - 00000000 ____D () C:\Users\slati\Documents\Outlook-Dateien
2014-11-30 17:51 - 2014-09-22 12:37 - 00000000 ____D () C:\Users\slati\AppData\Local\LogMeIn Hamachi
2014-11-30 17:48 - 2011-11-25 20:13 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 17:48 - 2011-11-25 20:13 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 16:55 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-30 16:55 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 16:51 - 2011-07-19 07:25 - 01890850 _____ () C:\Windows\WindowsUpdate.log
2014-11-30 16:47 - 2011-05-10 08:45 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-30 16:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-30 16:10 - 2014-09-14 12:45 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForslati.job
2014-11-30 15:47 - 2011-10-25 16:14 - 00000000 ____D () C:\Users\slati
2014-11-30 15:42 - 2011-10-25 17:32 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2041310051-869951282-1756680703-1001UA.job
2014-11-30 15:36 - 2013-01-19 16:51 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B128F017-193C-4074-A4D7-E361C7E9F4F0}
2014-11-30 05:56 - 2014-09-14 12:45 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForslati
2014-11-30 05:56 - 2011-11-10 12:13 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-30 05:56 - 2011-10-27 14:12 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-30 03:42 - 2011-10-25 17:32 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2041310051-869951282-1756680703-1001Core.job
2014-11-29 21:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-29 18:40 - 2012-01-06 00:05 - 00000000 ____D () C:\Users\slati\AppData\Local\Apps\2.0
2014-11-29 01:25 - 2014-10-30 14:48 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-11-29 01:25 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-29 01:06 - 2011-10-25 20:08 - 00000000 ____D () C:\Users\slati\AppData\Roaming\Azureus
2014-11-28 15:13 - 2014-02-05 18:19 - 00000000 ____D () C:\Users\slati\AppData\Roaming\TS3Client
2014-11-28 14:59 - 2014-08-26 15:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-26 13:05 - 2013-12-28 08:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 13:05 - 2012-10-19 00:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 13:05 - 2011-12-16 02:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 10:50 - 2011-11-30 10:58 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-26 10:50 - 2011-10-27 16:58 - 00000000 ____D () C:\Users\slati\AppData\Local\Xobni
2014-11-26 10:20 - 2013-02-04 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Buchstaben Schablonen 1.0
2014-11-25 00:42 - 2011-10-26 09:48 - 00000000 ____D () C:\Users\slati\AppData\Local\CrashDumps
2014-11-23 15:29 - 2014-02-05 18:29 - 00000000 ___RD () C:\Users\slati\Desktop\raffi's ordner
2014-11-23 15:11 - 2014-08-27 14:38 - 00000000 ____D () C:\Fraps
2014-11-23 15:11 - 2014-08-26 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-21 17:21 - 2011-11-02 13:37 - 00000000 ____D () C:\Users\slati\Documents\My Games
2014-11-21 17:18 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-18 07:45 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-15 00:58 - 2013-10-23 02:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-15 00:54 - 2013-11-26 15:31 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-15 00:54 - 2013-10-23 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-15 00:53 - 2013-07-04 11:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-15 00:43 - 2011-11-25 20:13 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 00:43 - 2011-11-25 20:13 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 13:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 12:16 - 2011-05-10 08:52 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard
2014-11-13 12:15 - 2011-05-10 08:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-13 11:21 - 2011-05-10 08:33 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-11-13 00:52 - 2011-10-26 11:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 11:55 - 2009-07-14 05:45 - 00413864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 11:26 - 2013-07-16 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 11:09 - 2011-11-08 07:04 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-10 10:47 - 2014-08-18 07:41 - 00000000 ____D () C:\Users\slati\AppData\Local\Adobe
2014-11-08 13:22 - 2011-05-10 08:45 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-11-08 13:19 - 2011-02-10 20:23 - 00000000 ____D () C:\SWSetup
2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-01 16:38 - 2011-07-19 07:31 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-11-01 16:28 - 2014-09-11 13:22 - 00000000 ____D () C:\drivertemp
2014-11-01 01:24 - 2011-10-26 13:02 - 00000000 ____D () C:\Users\slati\AppData\Roaming\Skype
2014-10-31 11:43 - 2013-03-05 16:48 - 00000000 ____D () C:\Games
2014-10-31 11:42 - 2013-03-05 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2014-10-31 11:40 - 2011-11-16 19:53 - 00000000 ____D () C:\Program Files (x86)\YouTube Downloader
2014-10-31 11:34 - 2011-11-25 20:13 - 00000000 ____D () C:\Program Files (x86)\Google

Some content of TEMP:
====================
C:\Users\slati\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
]

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2014
Ran by slati at 2014-11-30 18:38:47
Running from C:\Users\slati\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 2.0.0.27 - Qualcomm Atheros)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.100 - Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{E04A3037-2F82-C518-D6CA-A63497D3872F}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Avira System Speedup (HKLM-x32\...\AviraSpeedup) (Version: 1.3.1.9970 - Avira System Speedup)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Rig Europe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2011.0304.1135.20703 - Ihr Firmenname) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3726 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (HKLM\...\{EF3293DE-FCAC-4742-91BF-AD0174143FC3}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Hilfe (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{2BF8B295-A214-42AC-B4EC-2AE15E08B0E7}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{904822F1-6C7D-4B91-B936-6A1C0810544C}) (Version: 7.7.34.34 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}) (Version: 4.0.10.0 - Hewlett-Packard)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Keyboard & Mouse Driver (HKLM-x32\...\InstallShield_{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}) (Version: 5.1 - Driver Builder)
Keyboard & Mouse Driver (x32 Version: 5.1 - Driver Builder) Hidden
kmspctv (HKU\S-1-5-21-2041310051-869951282-1756680703-1001\...\56735e9401cc6ddb) (Version: 1.0.0.2 - kmspctv)
Landwirtschafts Simulator 2011 (HKLM-x32\...\FarmingSimulator2011_PLATINUMDE_is1) (Version: 1.0 - GIANTS Software)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.11.3.0 - LG Electronics)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.266 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.266 - LogMeIn, Inc.) Hidden
LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.0 - LoiLo inc.)
LoiLoScope 2 (HKLM-x32\...\{CAB75FFC-2377-4B95-A8FA-C9234B812A92}_is1) (Version: 2.5.3.2 - LoiLo inc)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
MORE! 2 Grammar Practice (HKLM-x32\...\MoreGrammarPractice2.3409B17F0A9FD11E2FADD014AA775CBB274BFE20.1) (Version: V1.0 - Helbling Verlag GmbH)
MORE! 2 Grammar Practice (x32 Version: 1.0 - Helbling Verlag GmbH) Hidden
Mouse Driver (HKLM-x32\...\InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}) (Version: 5.1 - Driver Builder)
Mouse Driver (x32 Version: 5.1 - Driver Builder) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.34 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Schnapsen (HKLM-x32\...\ST4UNST #1) (Version:  - )
Shanghai: Great Moments version 2.0 (HKLM-x32\...\Shanghai: Great Moments) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten (HKLM\...\{7ABE6772-4A13-47F7-A09A-1D4CCB5981D9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SuperEasy Driver Updater v.1.1.1 (HKLM-x32\...\{039BC111-D60F-A6FF-85F4-7992EA886B8D}_is1) (Version: 1.1.1 - SuperEasy Software GmbH & Co. KG)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-2041310051-869951282-1756680703-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version:  - )
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App für HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13209 - Xobni Corp.)
Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden
YTD Toolbar v9.9 (HKLM-x32\...\{B7C0431E-3876-4757-B281-D635F3473FCC}) (Version: 9.9 - Spigot, Inc.) <==== ATTENTION
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2041310051-869951282-1756680703-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\slati\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points  =========================

21-11-2014 16:16:56 DirectX wurde installiert
25-11-2014 00:39:08 Removed YTD Toolbar v9.9.
25-11-2014 08:29:54 Windows Update
28-11-2014 21:03:51 Windows Update
29-11-2014 18:55:12 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-29 01:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {124E33FD-2267-4F76-96E9-76D2899B0CB5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-02-09] (CyberLink)
Task: {1B88277C-1D6C-4BF9-8D01-482341909A15} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2014-10-02] (Avira)
Task: {4A37FC88-7DE2-471D-8C7A-C86820109C78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {57ACB57D-EB17-49D0-895D-F7FD2DD66833} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5E3DC189-AFFC-4039-893C-DFE6DCDE46FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {64770B1A-4FF3-4FA7-AA68-B4537735FF4F} - System32\Tasks\{697A4168-5125-49D3-BCDA-DE6828BE7C8C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.115/de/abandoninstall?page=tsProgressBar
Task: {68F5D154-A480-40C1-87BF-8C98C46D481D} - System32\Tasks\{19ED4A93-2FDF-44AC-B042-AD9B39135116} => C:\Users\slati\Downloads\Sprüche--und-Zitate-Lexikon\slx400.exe
Task: {75932DA9-A790-4FDA-AD08-E587CCB20C9A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {7B24E341-BD99-4D2A-B35C-95AA7DF1C9A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {904F0C52-222C-4820-A9D2-7BACC7EE58C3} - System32\Tasks\HPCeeScheduleForslati => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {914E8D18-5153-4C33-8FE0-AF3F6CB9EE57} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2041310051-869951282-1756680703-1001UA => C:\Users\slati\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {97281B34-3720-491A-AAE9-C1B3204285D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2014-11-11] (Microsoft)
Task: {ACDEC3D6-F50F-477C-830C-1DAA712661D9} - System32\Tasks\{D1F1D4D9-8964-43C7-9E03-C3D5CEF06300} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {DBEC0D97-0076-41D4-B7FC-7AD1B4F5D127} - System32\Tasks\{2BC744D4-802C-4288-9B7D-019052A112BD} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.115/de/abandoninstall?page=tsProgressBar
Task: {DC0B6C32-F81A-478B-A118-7F2366FED449} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2041310051-869951282-1756680703-1001Core => C:\Users\slati\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {DFFA0BC6-9270-4920-8600-AE1B34BB4711} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {E90EF638-C722-4AB2-BFA1-33FDDEB55802} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2041310051-869951282-1756680703-1001Core.job => C:\Users\slati\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2041310051-869951282-1756680703-1001UA.job => C:\Users\slati\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForslati.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-03-04 11:43 - 2011-03-04 11:43 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2011-03-04 11:44 - 2011-03-04 11:44 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2010-07-21 13:33 - 2010-07-21 13:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2011-12-12 12:12 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-03-04 11:44 - 2011-03-04 11:44 - 00102912 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-03-11 14:32 - 2011-03-11 14:32 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-02-25 01:04 - 2011-02-25 01:04 - 00004608 _____ () C:\Program Files (x86)\Xobni\ManagedAggregator.dll
2011-02-25 01:08 - 2011-02-25 01:08 - 00062184 _____ () C:\Program Files (x86)\Xobni\XobniMainConnector.dll
2011-05-10 08:48 - 2011-05-10 08:48 - 00003072 _____ () C:\Windows\assembly\GAC_MSIL\Extensibility\7.0.3300.0__6298d2d1fcfb5d85\Extensibility.dll
2014-09-11 07:56 - 2014-09-11 07:56 - 01028608 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\a9f2279a2e4e83d1a38cc86cf7225a2d\Microsoft.Office.Interop.Outlook.ni.dll
2011-02-25 01:08 - 2011-02-25 01:08 - 00045056 _____ () C:\Program Files (x86)\Xobni\XobniFailsafeUpdateChecker.dll
2014-10-17 15:01 - 2014-10-17 15:01 - 01120256 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Xobni.XMapiAccessor\cc95e7f1f231c64b3e5ff35750168d25\Xobni.XMapiAccessor.ni.dll
2011-05-10 08:48 - 2011-05-10 08:48 - 00516096 _____ () C:\Windows\assembly\GAC_32\Xobni.XMapiAccessor\1.9.5.13209__6298d2d1fcfb5d85\Xobni.XMapiAccessor.dll
2011-02-15 18:32 - 2011-02-15 18:32 - 00904704 _____ () C:\Program Files (x86)\Xobni\System.Data.SQLite.dll
2014-09-11 07:56 - 2014-09-11 07:56 - 00506880 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\office\6a382239195d16a1828fd6a1a25eab59\office.ni.dll
2014-09-11 07:56 - 2014-09-11 07:56 - 00438272 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\LinqBridge\a83ddf9c7be78d1e84bf7ed3e8a26c2e\LinqBridge.ni.dll
2011-02-25 01:03 - 2011-02-25 01:03 - 00124416 _____ () C:\Program Files (x86)\Xobni\WindowDriver.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: (default) => 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2041310051-869951282-1756680703-500 - Administrator - Disabled)
Gast (S-1-5-21-2041310051-869951282-1756680703-501 - Limited - Disabled)
slati (S-1-5-21-2041310051-869951282-1756680703-1001 - Administrator - Enabled) => C:\Users\slati

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2014 04:48:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/30/2014 04:47:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1154, Zeitstempel: 0x517c7e3a
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1154, Zeitstempel: 0x517c7e3a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002e749
ID des fehlerhaften Prozesses: 0x48c
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3

Error: (11/30/2014 04:46:49 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (11/30/2014 04:46:49 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (11/30/2014 04:12:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/30/2014 04:11:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1154, Zeitstempel: 0x517c7e3a
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1154, Zeitstempel: 0x517c7e3a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002e749
ID des fehlerhaften Prozesses: 0x468
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3

Error: (11/30/2014 04:10:55 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (11/30/2014 04:10:55 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (11/30/2014 01:29:18 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (11/29/2014 08:28:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/30/2014 04:47:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/30/2014 04:47:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (11/30/2014 04:11:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/30/2014 04:11:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (11/30/2014 03:45:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Wireless Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/30/2014 03:45:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/30/2014 03:45:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Software Framework Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/30/2014 03:45:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/30/2014 03:45:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/30/2014 03:45:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================

Avira hat Trojaner gefunden

Log-Analyse und Auswertung: Avira hat Trojaner gefunden