Windows 7 Neuinstallation, ColorMedia lässt sich nicht entfernen

holger-s2 · 25.01.2015, 11:39

Hallo liebe Trojaner-Board Spezialisten,

Vorgeschichte - Virus entdeckt, Problem beseitigt?! ...
Gestern FP in eine neue getauscht und Win7 Ultimate installiert, dazu Chrome und Antivir installiert. Notwendige Windows Updates durchgeführt.
In Chrome war wieder derselbe seltsame Startbildschirm (webssearches) wie bei der letzten Installation und ließ sich nicht entfernen, Antivir hat auch etwas gefunden (in Quarantäne verschoben).
Trotzdem im Internet nach Hilfe gesucht und Adware installiert, einiges erkannt und gelöscht. Probleme beseitigt.
Weiteres Programm, was sich vorher nie installieren lies, installiert (Tipard TS Converter), klappte diesmal.

Adware sagt, doch nicht alles gut...
Einfach nochmal Adware gestartet, dumm gelaufen - das findet bei jedem weiteren Neustart auch nach Löschen immer wieder "ColorMedia" bzw. insgesamt
3 Dienste

ColorMedia
cmwf service
cmwr service

den Ordner

C:\Program Data\PicColor Utility

und die Dateien

C:\windows\system32\drivers\cmwr.sys
C:\windows\system32\drivers\cmwf.sys

Trojaner-Board - letzte Rettung ...
Nach Installation FRST64 (aus dem System gestartet, weil gerade kein Stick und zweiten PC, wenn das nicht funktioniert bitte kurze Info - dann muss ich einen Stick besorgen und das morgen genau wie beschrieben mit Stick probieren):

FRST64

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by AZi-PC (administrator) on AZI-PC on 25-01-2015 10:48:27
Running from C:\Users\AZi-PC\Desktop
Loaded Profiles: AZi-PC (Available profiles: AZi-PC)
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EIZO ScreenSlicer.lnk
ShortcutTarget: EIZO ScreenSlicer.lnk -> C:\Windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe (Macrovision Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScreenManager Pro for LCD Ver3.3.3.lnk
ShortcutTarget: ScreenManager Pro for LCD Ver3.3.3.lnk -> C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49436;https=127.0.0.1:49436;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3672898365-1647074900-201637474-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Tcpip\..\Interfaces\{3FCFEC49-E79E-42E3-9AE6-CFF4F098A30B}: [NameServer] 192.168.0.1

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "https://www.google.de/", "hxxp://istart.webssearches.com/?type=hppp&ts=1401179454&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401342874&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401392681&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401470905&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401534646&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401613039&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401814348&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401981463&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402251016&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402332086&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402681885&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402772176&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402851446&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402913513&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402990213&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1403171129&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1403182900&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1403194663&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1403361600&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hp&ts=1422124986&from=cvs&uid=395049983_266162_54A4CF31", "hxxp://istart.webssearches.com/?type=hppp&ts=1422125000&from=cvs&uid=395049983_266162_54A4CF31"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (Google Docs) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-24]
CHR Extension: (Google Drive) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-24]
CHR Extension: (YouTube) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-24]
CHR Extension: (Google-Suche) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-24]
CHR Extension: (Google Tabellen) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-24]
CHR Extension: (Avira Browserschutz) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-24]
CHR Extension: (Bookmark Manager) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-24]
CHR Extension: (Google Wallet) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Google Mail) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2015-01-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 ColorMedia; C:\ProgramData\PicColor Utility\ColorMedia.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2015-01-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2015-01-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed]
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 10:48 - 2015-01-25 10:48 - 00012363 _____ () C:\Users\AZi-PC\Desktop\FRST.txt
2015-01-25 10:48 - 2015-01-25 10:48 - 00000000 ____D () C:\FRST
2015-01-25 10:42 - 2015-01-25 10:42 - 02129920 _____ (Farbar) C:\Users\AZi-PC\Downloads\FRST64.exe
2015-01-25 10:42 - 2015-01-25 10:42 - 02129920 _____ (Farbar) C:\Users\AZi-PC\Desktop\FRST64.exe
2015-01-24 22:35 - 2015-01-24 22:39 - 00000000 ____D () C:\Users\AZi-PC\Documents\Tipard Studio
2015-01-24 22:35 - 2015-01-24 22:35 - 00001429 _____ () C:\Users\Public\Desktop\Tipard TS Converter.lnk
2015-01-24 22:35 - 2015-01-24 22:35 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Tipard Studio
2015-01-24 22:35 - 2015-01-24 22:35 - 00000000 ____D () C:\ProgramData\Tipard Studio
2015-01-24 22:35 - 2015-01-24 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tipard
2015-01-24 22:35 - 2015-01-24 22:35 - 00000000 ____D () C:\Program Files (x86)\Tipard Studio
2015-01-24 22:34 - 2015-01-24 22:34 - 24154712 _____ (Tipard Studio ) C:\Users\AZi-PC\Downloads\ts71-converter.exe
2015-01-24 22:21 - 2015-01-24 22:21 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Microsoft Games
2015-01-24 21:14 - 2015-01-25 10:36 - 00000000 ____D () C:\AdwCleaner
2015-01-24 21:13 - 2015-01-24 21:13 - 02194432 _____ () C:\Users\AZi-PC\Downloads\adwcleaner_4.109.exe
2015-01-24 20:58 - 2015-01-24 20:58 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-24 20:57 - 2015-01-24 20:54 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-24 20:49 - 2015-01-24 20:49 - 00003150 _____ () C:\Windows\System32\Tasks\{655729CA-F8E3-4BD9-A398-D24CC2E3B7DB}
2015-01-24 20:40 - 2015-01-24 20:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-24 20:40 - 2015-01-24 20:40 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-24 20:39 - 2015-01-24 20:39 - 00000000 ____D () C:\Users\AZi-PC\AppData\Roaming\EIZO
2015-01-24 20:39 - 2015-01-24 20:39 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Downloaded Installations
2015-01-24 20:39 - 2015-01-24 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EIZO
2015-01-24 20:38 - 2015-01-24 20:38 - 07464870 _____ () C:\Users\AZi-PC\Downloads\ESCSlicer115.zip
2015-01-24 20:34 - 2015-01-24 20:39 - 00000000 ____D () C:\Program Files (x86)\EIZO
2015-01-24 20:34 - 2015-01-24 20:34 - 00000000 ____D () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EIZO
2015-01-24 20:32 - 2015-01-24 20:33 - 11569831 _____ () C:\Users\AZi-PC\Downloads\Smpl333B.zip
2015-01-24 20:31 - 2015-01-24 20:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-24 20:30 - 2014-12-04 03:32 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-24 20:30 - 2014-12-04 03:32 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-24 20:30 - 2014-12-04 03:32 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-24 20:30 - 2014-12-04 03:31 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-24 20:30 - 2014-12-04 03:31 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-24 20:30 - 2014-12-04 03:31 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-24 20:30 - 2014-12-04 03:26 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-24 20:30 - 2014-12-02 00:21 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-24 20:30 - 2011-04-09 07:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-01-24 20:30 - 2011-04-09 07:45 - 05509504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-24 20:30 - 2011-04-09 07:13 - 03957632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-24 20:30 - 2011-04-09 07:13 - 03901824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-24 20:30 - 2011-04-09 06:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-01-24 20:29 - 2014-09-15 01:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-24 20:29 - 2009-10-24 05:28 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-01-24 20:29 - 2009-10-24 05:27 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-01-24 20:26 - 2012-06-02 23:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-24 20:26 - 2012-06-02 23:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-24 20:26 - 2012-06-02 23:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-24 20:26 - 2012-06-02 23:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-01-24 20:26 - 2012-06-02 23:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-01-24 20:26 - 2012-06-02 23:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-24 20:26 - 2012-06-02 23:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-24 20:26 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-24 20:26 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-24 20:24 - 2015-01-24 20:24 - 00000000 ____D () C:\Users\AZi-PC\AppData\Roaming\ATI
2015-01-24 20:24 - 2015-01-24 20:24 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\ATI
2015-01-24 20:24 - 2015-01-24 20:24 - 00000000 ____D () C:\ProgramData\ATI
2015-01-24 20:22 - 2015-01-24 20:22 - 00000000 _____ () C:\Windows\ativpsrm.bin
2015-01-24 20:21 - 2015-01-24 20:21 - 00000000 ____D () C:\ProgramData\AMD
2015-01-24 20:20 - 2015-01-24 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-24 20:20 - 2015-01-24 20:20 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-01-24 20:19 - 2015-01-24 20:19 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-01-24 20:19 - 2015-01-24 20:19 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-01-24 20:18 - 2015-01-24 20:18 - 01558224 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-24 20:17 - 2009-11-25 11:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2015-01-24 20:17 - 2009-11-25 11:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2015-01-24 20:17 - 2009-11-25 11:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2015-01-24 20:16 - 2015-01-24 20:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-24 20:15 - 2015-01-24 20:20 - 00000000 ____D () C:\Program Files\AMD
2015-01-24 20:13 - 2015-01-24 20:13 - 00000000 ____D () C:\AMD
2015-01-24 19:58 - 2015-01-24 20:05 - 302470552 _____ (AMD Inc.) C:\Users\AZi-PC\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
2015-01-24 19:53 - 2015-01-24 19:53 - 00000000 ____D () C:\Users\AZi-PC\AppData\Roaming\Avira
2015-01-24 19:52 - 2015-01-24 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-24 19:52 - 2015-01-24 19:52 - 00002066 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-24 19:51 - 2015-01-24 20:58 - 00000000 ____D () C:\ProgramData\Avira
2015-01-24 19:51 - 2015-01-24 20:58 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-24 19:51 - 2015-01-24 20:54 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-24 19:51 - 2015-01-24 20:54 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-24 19:51 - 2015-01-24 19:51 - 00000000 ____D () C:\Users\AZi-PC\AppData\Roaming\dlg
2015-01-24 19:51 - 2013-12-18 09:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-24 19:44 - 2015-01-24 22:04 - 00000000 ____D () C:\ProgramData\PicColor Utility
2015-01-24 19:44 - 2015-01-24 20:41 - 00005264 _____ () C:\Windows\SysWOW64\ColorMedia.ini
2015-01-24 19:44 - 2015-01-24 20:41 - 00002864 _____ () C:\Windows\SysWOW64\ColorMediaOff.ini
2015-01-24 19:44 - 2015-01-24 20:41 - 00002864 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-01-24 19:44 - 2015-01-07 21:07 - 00045216 _____ () C:\Windows\system32\Drivers\cmwr.sys
2015-01-24 19:44 - 2015-01-07 21:07 - 00033952 _____ () C:\Windows\system32\Drivers\cmwf.sys
2015-01-24 19:44 - 2015-01-07 20:54 - 00370688 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-24 19:44 - 2015-01-07 20:54 - 00324776 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-24 19:42 - 2015-01-24 19:42 - 00616976 _____ () C:\Users\AZi-PC\Downloads\avira-free-antivir.exe
2015-01-24 19:37 - 2015-01-25 10:32 - 00126138 _____ () C:\Windows\PFRO.log
2015-01-24 19:34 - 2015-01-24 21:17 - 00001023 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-24 19:34 - 2015-01-24 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-24 19:32 - 2015-01-25 10:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 19:32 - 2015-01-25 10:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 19:32 - 2015-01-24 19:34 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Google
2015-01-24 19:32 - 2015-01-24 19:34 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Deployment
2015-01-24 19:32 - 2015-01-24 19:34 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-24 19:32 - 2015-01-24 19:32 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-24 19:32 - 2015-01-24 19:32 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-24 19:32 - 2015-01-24 19:32 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Apps\2.0
2015-01-24 19:28 - 2015-01-24 19:28 - 00000010 _____ () C:\Users\AZi-PC\Desktop\Kennwort Heimnetzgruppe.txt
2015-01-24 19:21 - 2015-01-24 19:21 - 00057560 _____ () C:\Users\AZi-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-24 19:11 - 2015-01-24 21:17 - 00000919 _____ () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-24 19:11 - 2015-01-24 21:17 - 00000851 _____ () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-24 19:11 - 2015-01-24 19:11 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\VirtualStore
2015-01-24 19:10 - 2015-01-24 19:11 - 00000000 ____D () C:\Users\AZi-PC
2015-01-24 19:10 - 2015-01-24 19:10 - 00000020 ___SH () C:\Users\AZi-PC\ntuser.ini
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Vorlagen
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Startmenü
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Netzwerkumgebung
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Lokale Einstellungen
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Eigene Dateien
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Druckumgebung
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Documents\Eigene Musik
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Documents\Eigene Bilder
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\AppData\Local\Verlauf
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\AppData\Local\Anwendungsdaten
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Anwendungsdaten
2015-01-24 19:10 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-24 19:10 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Programme
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Favoriten
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 __SHD () C:\Recovery
2015-01-24 19:07 - 2015-01-25 10:36 - 00358114 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 19:02 - 2015-01-24 19:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-01-24 19:02 - 2015-01-24 19:02 - 00000000 ____D () C:\Windows\CSC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 10:38 - 2009-07-14 05:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 10:38 - 2009-07-14 05:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 10:37 - 2009-07-14 18:58 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2015-01-25 10:37 - 2009-07-14 18:58 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2015-01-25 10:37 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 10:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 10:32 - 2009-07-14 05:51 - 00025498 _____ () C:\Windows\setupact.log
2015-01-24 20:41 - 2009-07-14 05:45 - 00265696 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-24 20:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-24 20:16 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore
2015-01-24 19:27 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-24 19:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-24 19:08 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-24 19:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-24 19:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-24 19:03 - 2009-10-14 07:04 - 00000000 ____D () C:\Windows\Panther
2015-01-24 19:03 - 2009-10-14 06:06 - 00003540 _____ () C:\Windows\TSSysprep.log
2015-01-24 19:03 - 2009-07-14 05:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2015-01-24 19:01 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-24 19:01 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-12-31 13:12 - 2009-10-14 06:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\AZi-PC\AppData\Local\Temp\avgnt.exe
C:\Users\AZi-PC\AppData\Local\Temp\SpOrder.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2009-10-14 06:05

==================== End Of Log ============================

--- --- ---

Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by AZi-PC at 2015-01-25 10:49:15
Running from C:\Users\AZi-PC\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{4241d738-563d-4685-803c-e58b90a2e5e8}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
EIZO ScreenSlicer (HKLM-x32\...\{292A177D-723F-4537-9985-BC8BFCD8B63D}) (Version: 1.1.5.0 - EIZO Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
ScreenManager Pro for LCD (HKLM-x32\...\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}) (Version: 3.3.3.0 - EIZO Corporation)
Tipard TS Converter 7.1.50 (HKLM-x32\...\{2D85A23D-06EF-4df2-BF09-B39AEDAE9140}_is1) (Version: 7.1.50 - Tipard Studio)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

24-01-2015 20:16:20 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
24-01-2015 20:17:03 Windows Update
24-01-2015 20:18:48 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
24-01-2015 20:26:25 Windows Update
24-01-2015 20:31:07 Windows Update
24-01-2015 20:39:31 Installed EIZO ScreenSlicer.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1E7525C4-0307-490A-9765-AD862E9C57D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-24] (Google Inc.)
Task: {61006B44-E1ED-44A9-BFF0-F62971187898} - System32\Tasks\{655729CA-F8E3-4BD9-A398-D24CC2E3B7DB} => pcalua.exe -a C:\Users\AZi-PC\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION
Task: {6C1A3B13-1C2C-4146-8DB8-D704DF4D40C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-24] (Google Inc.)
Task: {DBA640B1-4B8E-4C61-92B4-3413D4C128D4} - \GNVLNUPDH No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-24 19:34 - 2015-01-21 04:41 - 01450312 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
2015-01-24 19:34 - 2015-01-21 04:41 - 00205128 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll
2015-01-24 19:34 - 2015-01-21 04:41 - 10864456 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3672898365-1647074900-201637474-500 - Administrator - Disabled)
AZi-PC (S-1-5-21-3672898365-1647074900-201637474-1000 - Administrator - Enabled) => C:\Users\AZi-PC
Gast (S-1-5-21-3672898365-1647074900-201637474-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3672898365-1647074900-201637474-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2015 10:20:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_4.109.exe, Version: 4.1.0.9, Zeitstempel: 0x54c366b9
Name des fehlerhaften Moduls: adwcleaner_4.109.exe, Version: 4.1.0.9, Zeitstempel: 0x54c366b9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f09e
ID des fehlerhaften Prozesses: 0x1340
Startzeit der fehlerhaften Anwendung: 0xadwcleaner_4.109.exe0
Pfad der fehlerhaften Anwendung: adwcleaner_4.109.exe1
Pfad des fehlerhaften Moduls: adwcleaner_4.109.exe2
Berichtskennung: adwcleaner_4.109.exe3

Error: (01/24/2015 09:02:42 PM) (Source: VSS) (EventID: 12310) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{20e48e70-a3f3-11e4-bb06-806e6f6e6963} - 0000000000000120,0x0053c010,00000000002FF1D0,0,00000000003001E0,4096,[0]).


Vorgang:
   Schattenkopien werden übertragen

Kontext:
   Ausführungskontext: System Provider

Error: (01/24/2015 07:49:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/24/2015 07:49:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/24/2015 07:49:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/24/2015 07:49:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/24/2015 07:49:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/24/2015 07:49:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/24/2015 07:49:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/24/2015 07:49:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.


System errors:
=============
Error: (01/25/2015 10:49:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 10:49:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 10:49:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 10:49:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 10:49:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 10:48:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 10:48:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 10:48:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 10:48:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 10:48:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (01/24/2015 10:20:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: adwcleaner_4.109.exe4.1.0.954c366b9adwcleaner_4.109.exe4.1.0.954c366b9c00000050001f09e134001d0381b0afe5587C:\Users\AZi-PC\Downloads\adwcleaner_4.109.exeC:\Users\AZi-PC\Downloads\adwcleaner_4.109.execdd08aa3-a40e-11e4-b2ae-0015af079dfa

Error: (01/24/2015 09:02:42 PM) (Source: VSS) (EventID: 12310) (User: )
Description: DeviceIoControl(\\?\Volume{20e48e70-a3f3-11e4-bb06-806e6f6e6963} - 0000000000000120,0x0053c010,00000000002FF1D0,0,00000000003001E0,4096,[0])

Vorgang:
   Schattenkopien werden übertragen

Kontext:
   Ausführungskontext: System Provider

Error: (01/24/2015 07:49:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/24/2015 07:49:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/24/2015 07:49:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/24/2015 07:49:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/24/2015 07:49:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/24/2015 07:49:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/24/2015 07:49:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/24/2015 07:49:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Percentage of memory in use: 35%
Total physical RAM: 4094.49 MB
Available physical RAM: 2635.29 MB
Total Pagefile: 8187.13 MB
Available Pagefile: 6141 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.28 GB) (Free:97.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 117.4 GB) (Disk ID: D0947A02)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Ich hoffe, Ihr könnt mir weiterhelfen.
Vielen Dank für Eure Unterstützung!

Viele Grüße,
Holger

schrauber · 25.01.2015, 12:00

hi,

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

holger-s2 · 25.01.2015, 13:17

Hallo,

super, vielen Dank für die schnelle Antwort.

Bitte kurze Info, was weiter zu tun ist/
wenn etwas fehlt oder
"alles ok" wenn mein Problem beseitigt ist.

Hier die geforderten Dateien:

mbam

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 25.01.2015
Suchlauf-Zeit: 12:24:44
Logdatei: mbam1.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.25.06
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: AZi-PC

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 315520
Verstrichene Zeit: 9 Min, 11 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 20
PUP.Optional.PicColor.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B8D1E62C-5D04-4AB0-A09E-688FF75743EF}, In Quarantäne, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1B0071C9-831E-43DD-9EFE-722D8AEB9E2E}, In Quarantäne, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5217E897-1728-4B11-BC9D-5405AD551BEF}, In Quarantäne, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6073385E-A128-4464-9DFD-C7CF0F39A492}, In Quarantäne, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{81E47395-D310-4064-B963-844C4088AB76}, In Quarantäne, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{83E41C3D-190A-4052-A046-269722F3B4FD}, In Quarantäne, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A62D52D9-1E41-4772-A794-71B9B92AA014}, In Quarantäne, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D1C116A0-DC17-4257-9190-033AE10F90B9}, In Quarantäne, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{ED5B55CA-994B-42B9-93B6-1FD306925967}, In Quarantäne, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FB7F9DF6-2A66-444F-BA5D-2F221F1B1AC8}, In Quarantäne, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1B0071C9-831E-43DD-9EFE-722D8AEB9E2E}, In Quarantäne, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5217E897-1728-4B11-BC9D-5405AD551BEF}, In Quarantäne, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6073385E-A128-4464-9DFD-C7CF0F39A492}, In Quarantäne, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{81E47395-D310-4064-B963-844C4088AB76}, In Quarantäne, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{83E41C3D-190A-4052-A046-269722F3B4FD}, In Quarantäne, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A62D52D9-1E41-4772-A794-71B9B92AA014}, In Quarantäne, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D1C116A0-DC17-4257-9190-033AE10F90B9}, In Quarantäne, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{ED5B55CA-994B-42B9-93B6-1FD306925967}, In Quarantäne, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FB7F9DF6-2A66-444F-BA5D-2F221F1B1AC8}, In Quarantäne, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B8D1E62C-5D04-4AB0-A09E-688FF75743EF}, In Quarantäne, [6f2bb04ba5e4a294b1891d4b22e113ed], 

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 1
PUP.Optional.PicColor.A, C:\ProgramData\PicColor Utility, Löschen bei Neustart, [6f2bb04ba5e4a294b1891d4b22e113ed], 

Dateien: 19
PUP.Optional.XTab.A, C:\Users\AZi-PC\AppData\Local\Temp\~dlFC9C\~dljyb\tmp\XTab_v4.0.exe, In Quarantäne, [05959b603356f83e248cb55259a92ad6], 
PUP.Optional.ColorMedia.A, C:\Windows\SysWOW64\ColorMedia.ini, In Quarantäne, [cfcb25d621685bdbb1498972669e9d63], 
PUP.Optional.ColorMedia.A, C:\Windows\System32\ColorMediaOff.ini, In Quarantäne, [4a50ca31a0e938fe73882ad1689c03fd], 
PUP.Optional.ColorMedia.A, C:\Windows\SysWOW64\ColorMediaOff.ini, In Quarantäne, [ecae40bb0b7e1f17d32851aa29db30d0], 
PUP.Optional.PicColor.A, C:\ProgramData\PicColor Utility\ColorMedia.tlb, Löschen bei Neustart, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, C:\ProgramData\PicColor Utility\ColorMediaCrt.dll, Löschen bei Neustart, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, C:\ProgramData\PicColor Utility\freebl3.dll, Löschen bei Neustart, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, C:\ProgramData\PicColor Utility\libnspr4.dll, Löschen bei Neustart, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, C:\ProgramData\PicColor Utility\libplc4.dll, Löschen bei Neustart, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, C:\ProgramData\PicColor Utility\libplds4.dll, Löschen bei Neustart, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, C:\ProgramData\PicColor Utility\nss3.dll, Löschen bei Neustart, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, C:\ProgramData\PicColor Utility\nssckbi.dll, Löschen bei Neustart, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, C:\ProgramData\PicColor Utility\nssdbm3.dll, Löschen bei Neustart, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, C:\ProgramData\PicColor Utility\nssutil3.dll, Löschen bei Neustart, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, C:\ProgramData\PicColor Utility\RfndNSIS.dll, Löschen bei Neustart, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, C:\ProgramData\PicColor Utility\smime3.dll, Löschen bei Neustart, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, C:\ProgramData\PicColor Utility\softokn3.dll, Löschen bei Neustart, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, C:\ProgramData\PicColor Utility\sqlite3.dll, Löschen bei Neustart, [6f2bb04ba5e4a294b1891d4b22e113ed], 
PUP.Optional.PicColor.A, C:\ProgramData\PicColor Utility\ssl3.dll, Löschen bei Neustart, [6f2bb04ba5e4a294b1891d4b22e113ed], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

adwcleaner(s4)

Code:

ATTFilter

# AdwCleaner v4.109 - Bericht erstellt am 25/01/2015 um 12:56:35
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-24.4 [Live]
# Betriebssystem : Windows 7 Ultimate  (64 bits)
# Benutzername : AZi-PC - AZI-PC
# Gestartet von : C:\Users\AZi-PC\Downloads\Safety\adwcleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : ColorMedia
[#] Dienst Gelöscht : cmwf
[#] Dienst Gelöscht : cmwr

***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Windows\System32\drivers\cmwr.sys
Datei Gelöscht : C:\Windows\System32\drivers\cmwf.sys

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Google Chrome v40.0.2214.91

[C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=dspp&ts=1422125000&from=cvs&uid=395049983_266162_54A4CF31&q={searchTerms}
[C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=dspp&ts=1422125000&from=cvs&uid=395049983_266162_54A4CF31&q={searchTerms}
[C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.iminent.com/?appId=402A8546-4CC4-45CD-A31E-F0B5DE4435C2&ref=toolbox&q={searchTerms}
[C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=dspp&ts=1422125000&from=cvs&uid=395049983_266162_54A4CF31&q={searchTerms}
[C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=dspp&ts=1422125000&from=cvs&uid=395049983_266162_54A4CF31&q={searchTerms}
[C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.babylon.com/?q={searchTerms}&affID=120519&babsrc=SP_ss_bayi&mntrId=F0DF0015AF079DFA
[C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.babylon.com/?q={searchTerms}&affID=120519&babsrc=SP_ss_bayi&mntrId=F0DF0015AF079DFA
[C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.babylon.com/?q={searchTerms}&affID=120519&babsrc=SP_ss_bayi&mntrId=F0DF0015AF079DFA

*************************

AdwCleaner[R0].txt - [9102 octets] - [24/01/2015 21:14:10]
AdwCleaner[R1].txt - [2813 octets] - [24/01/2015 22:09:24]
AdwCleaner[R2].txt - [1237 octets] - [24/01/2015 22:16:52]
AdwCleaner[R3].txt - [3022 octets] - [24/01/2015 22:56:45]
AdwCleaner[R4].txt - [3112 octets] - [25/01/2015 10:29:13]
AdwCleaner[R5].txt - [1537 octets] - [25/01/2015 10:33:52]
AdwCleaner[R6].txt - [1597 octets] - [25/01/2015 11:02:24]
AdwCleaner[R7].txt - [3308 octets] - [25/01/2015 12:54:07]
AdwCleaner[S0].txt - [9213 octets] - [24/01/2015 21:17:32]
AdwCleaner[S1].txt - [2890 octets] - [24/01/2015 22:14:05]
AdwCleaner[S2].txt - [465 octets] - [24/01/2015 22:20:21]
AdwCleaner[S3].txt - [3189 octets] - [25/01/2015 10:31:42]
AdwCleaner[S4].txt - [3241 octets] - [25/01/2015 12:56:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [3301 octets] ##########

JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by AZi-PC on 25.01.2015 at 13:01:22,18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.01.2015 at 13:06:02,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by AZi-PC (administrator) on AZI-PC on 25-01-2015 13:10:13
Running from C:\Users\AZi-PC\Desktop
Loaded Profiles: AZi-PC (Available profiles: AZi-PC)
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EIZO ScreenSlicer.lnk
ShortcutTarget: EIZO ScreenSlicer.lnk -> C:\Windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe (Macrovision Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScreenManager Pro for LCD Ver3.3.3.lnk
ShortcutTarget: ScreenManager Pro for LCD Ver3.3.3.lnk -> C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49436;https=127.0.0.1:49436;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3672898365-1647074900-201637474-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Tcpip\..\Interfaces\{3FCFEC49-E79E-42E3-9AE6-CFF4F098A30B}: [NameServer] 192.168.0.1

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "https://www.google.de/", "hxxp://istart.webssearches.com/?type=hppp&ts=1401179454&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401342874&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401392681&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401470905&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401534646&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401613039&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401814348&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401981463&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402251016&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402332086&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402681885&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402772176&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402851446&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402913513&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402990213&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1403171129&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1403182900&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1403194663&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1403361600&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hp&ts=1422124986&from=cvs&uid=395049983_266162_54A4CF31", "hxxp://istart.webssearches.com/?type=hppp&ts=1422125000&from=cvs&uid=395049983_266162_54A4CF31"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (Google Docs) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-24]
CHR Extension: (Google Drive) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-24]
CHR Extension: (YouTube) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-24]
CHR Extension: (Google-Suche) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-24]
CHR Extension: (Google Tabellen) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-24]
CHR Extension: (Avira Browserschutz) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-24]
CHR Extension: (Bookmark Manager) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-24]
CHR Extension: (Google Wallet) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Google Mail) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2015-01-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 ColorMedia; C:\ProgramData\PicColor Utility\ColorMedia.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2015-01-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2015-01-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed]
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 13:06 - 2015-01-25 13:06 - 00000622 _____ () C:\Users\AZi-PC\Desktop\JRT1.txt
2015-01-25 13:06 - 2015-01-25 13:06 - 00000622 _____ () C:\Users\AZi-PC\Desktop\JRT.txt
2015-01-25 13:01 - 2015-01-25 13:01 - 00000000 ____D () C:\Windows\ERUNT
2015-01-25 12:59 - 2015-01-25 12:59 - 00003381 _____ () C:\Users\AZi-PC\Desktop\AdwCleaner[S4].txt
2015-01-25 12:52 - 2015-01-25 12:52 - 00006766 _____ () C:\Users\AZi-PC\Desktop\mbam1.txt
2015-01-25 12:46 - 2015-01-25 12:46 - 00006765 _____ () C:\Users\AZi-PC\Desktop\mbam.txt
2015-01-25 12:24 - 2015-01-25 13:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 12:23 - 2015-01-25 12:23 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-25 12:23 - 2015-01-25 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-25 12:23 - 2015-01-25 12:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-25 12:23 - 2015-01-25 12:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-25 12:23 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-25 12:23 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-25 12:23 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-25 12:22 - 2015-01-25 12:22 - 00000000 ____D () C:\Users\AZi-PC\Downloads\Safety
2015-01-25 12:22 - 2015-01-25 12:22 - 00000000 ____D () C:\Users\AZi-PC\Downloads\Grafik
2015-01-25 12:22 - 2015-01-25 12:21 - 01707939 _____ (Thisisu) C:\Users\AZi-PC\Desktop\JRT.exe
2015-01-25 12:21 - 2015-01-25 12:21 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\AZi-PC\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-25 10:49 - 2015-01-25 10:49 - 00018284 _____ () C:\Users\AZi-PC\Desktop\Addition.txt
2015-01-25 10:48 - 2015-01-25 13:10 - 00012603 _____ () C:\Users\AZi-PC\Desktop\FRST.txt
2015-01-25 10:48 - 2015-01-25 13:10 - 00000000 ____D () C:\FRST
2015-01-25 10:42 - 2015-01-25 10:42 - 02129920 _____ (Farbar) C:\Users\AZi-PC\Desktop\FRST64.exe
2015-01-24 22:35 - 2015-01-24 22:39 - 00000000 ____D () C:\Users\AZi-PC\Documents\Tipard Studio
2015-01-24 22:35 - 2015-01-24 22:35 - 00001429 _____ () C:\Users\Public\Desktop\Tipard TS Converter.lnk
2015-01-24 22:35 - 2015-01-24 22:35 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Tipard Studio
2015-01-24 22:35 - 2015-01-24 22:35 - 00000000 ____D () C:\ProgramData\Tipard Studio
2015-01-24 22:35 - 2015-01-24 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tipard
2015-01-24 22:35 - 2015-01-24 22:35 - 00000000 ____D () C:\Program Files (x86)\Tipard Studio
2015-01-24 22:34 - 2015-01-24 22:34 - 24154712 _____ (Tipard Studio ) C:\Users\AZi-PC\Downloads\ts71-converter.exe
2015-01-24 22:21 - 2015-01-24 22:21 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Microsoft Games
2015-01-24 21:14 - 2015-01-25 12:56 - 00000000 ____D () C:\AdwCleaner
2015-01-24 20:58 - 2015-01-24 20:58 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-24 20:57 - 2015-01-24 20:54 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-24 20:49 - 2015-01-24 20:49 - 00003150 _____ () C:\Windows\System32\Tasks\{655729CA-F8E3-4BD9-A398-D24CC2E3B7DB}
2015-01-24 20:40 - 2015-01-24 20:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-24 20:40 - 2015-01-24 20:40 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-24 20:39 - 2015-01-24 20:39 - 00000000 ____D () C:\Users\AZi-PC\AppData\Roaming\EIZO
2015-01-24 20:39 - 2015-01-24 20:39 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Downloaded Installations
2015-01-24 20:39 - 2015-01-24 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EIZO
2015-01-24 20:34 - 2015-01-24 20:39 - 00000000 ____D () C:\Program Files (x86)\EIZO
2015-01-24 20:34 - 2015-01-24 20:34 - 00000000 ____D () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EIZO
2015-01-24 20:31 - 2015-01-24 20:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-24 20:30 - 2014-12-04 03:32 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-24 20:30 - 2014-12-04 03:32 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-24 20:30 - 2014-12-04 03:32 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-24 20:30 - 2014-12-04 03:31 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-24 20:30 - 2014-12-04 03:31 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-24 20:30 - 2014-12-04 03:31 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-24 20:30 - 2014-12-04 03:26 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-24 20:30 - 2014-12-02 00:21 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-24 20:30 - 2011-04-09 07:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-01-24 20:30 - 2011-04-09 07:45 - 05509504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-24 20:30 - 2011-04-09 07:13 - 03957632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-24 20:30 - 2011-04-09 07:13 - 03901824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-24 20:30 - 2011-04-09 06:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-01-24 20:29 - 2014-09-15 01:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-24 20:29 - 2009-10-24 05:28 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-01-24 20:29 - 2009-10-24 05:27 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-01-24 20:26 - 2012-06-02 23:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-24 20:26 - 2012-06-02 23:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-24 20:26 - 2012-06-02 23:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-24 20:26 - 2012-06-02 23:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-01-24 20:26 - 2012-06-02 23:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-01-24 20:26 - 2012-06-02 23:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-24 20:26 - 2012-06-02 23:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-24 20:26 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-24 20:26 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-24 20:24 - 2015-01-24 20:24 - 00000000 ____D () C:\Users\AZi-PC\AppData\Roaming\ATI
2015-01-24 20:24 - 2015-01-24 20:24 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\ATI
2015-01-24 20:24 - 2015-01-24 20:24 - 00000000 ____D () C:\ProgramData\ATI
2015-01-24 20:22 - 2015-01-24 20:22 - 00000000 _____ () C:\Windows\ativpsrm.bin
2015-01-24 20:21 - 2015-01-24 20:21 - 00000000 ____D () C:\ProgramData\AMD
2015-01-24 20:20 - 2015-01-24 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-24 20:20 - 2015-01-24 20:20 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-01-24 20:19 - 2015-01-24 20:19 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-01-24 20:19 - 2015-01-24 20:19 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-01-24 20:18 - 2015-01-24 20:18 - 01558224 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-24 20:17 - 2009-11-25 11:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2015-01-24 20:17 - 2009-11-25 11:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2015-01-24 20:17 - 2009-11-25 11:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2015-01-24 20:16 - 2015-01-24 20:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-24 20:15 - 2015-01-24 20:20 - 00000000 ____D () C:\Program Files\AMD
2015-01-24 20:13 - 2015-01-24 20:13 - 00000000 ____D () C:\AMD
2015-01-24 19:53 - 2015-01-24 19:53 - 00000000 ____D () C:\Users\AZi-PC\AppData\Roaming\Avira
2015-01-24 19:52 - 2015-01-24 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-24 19:52 - 2015-01-24 19:52 - 00002066 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-24 19:51 - 2015-01-24 20:58 - 00000000 ____D () C:\ProgramData\Avira
2015-01-24 19:51 - 2015-01-24 20:58 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-24 19:51 - 2015-01-24 20:54 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-24 19:51 - 2015-01-24 20:54 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-24 19:51 - 2015-01-24 19:51 - 00000000 ____D () C:\Users\AZi-PC\AppData\Roaming\dlg
2015-01-24 19:51 - 2013-12-18 09:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-24 19:44 - 2015-01-07 21:07 - 00045216 _____ () C:\Windows\system32\Drivers\cmwr.sys
2015-01-24 19:44 - 2015-01-07 21:07 - 00033952 _____ () C:\Windows\system32\Drivers\cmwf.sys
2015-01-24 19:44 - 2015-01-07 20:54 - 00370688 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-24 19:44 - 2015-01-07 20:54 - 00324776 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-24 19:37 - 2015-01-25 12:57 - 00131632 _____ () C:\Windows\PFRO.log
2015-01-24 19:34 - 2015-01-24 21:17 - 00001023 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-24 19:34 - 2015-01-24 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-24 19:32 - 2015-01-25 13:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 19:32 - 2015-01-25 12:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 19:32 - 2015-01-24 19:34 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Google
2015-01-24 19:32 - 2015-01-24 19:34 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Deployment
2015-01-24 19:32 - 2015-01-24 19:34 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-24 19:32 - 2015-01-24 19:32 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-24 19:32 - 2015-01-24 19:32 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-24 19:32 - 2015-01-24 19:32 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Apps\2.0
2015-01-24 19:28 - 2015-01-24 19:28 - 00000010 _____ () C:\Users\AZi-PC\Desktop\Kennwort Heimnetzgruppe.txt
2015-01-24 19:21 - 2015-01-24 19:21 - 00057560 _____ () C:\Users\AZi-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-24 19:11 - 2015-01-24 21:17 - 00000919 _____ () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-24 19:11 - 2015-01-24 21:17 - 00000851 _____ () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-24 19:11 - 2015-01-24 19:11 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\VirtualStore
2015-01-24 19:10 - 2015-01-24 19:11 - 00000000 ____D () C:\Users\AZi-PC
2015-01-24 19:10 - 2015-01-24 19:10 - 00000020 ___SH () C:\Users\AZi-PC\ntuser.ini
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Vorlagen
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Startmenü
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Netzwerkumgebung
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Lokale Einstellungen
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Eigene Dateien
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Druckumgebung
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Documents\Eigene Musik
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Documents\Eigene Bilder
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\AppData\Local\Verlauf
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\AppData\Local\Anwendungsdaten
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Anwendungsdaten
2015-01-24 19:10 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-24 19:10 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Programme
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Favoriten
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 __SHD () C:\Recovery
2015-01-24 19:07 - 2015-01-25 13:06 - 00383449 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 19:02 - 2015-01-24 19:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-01-24 19:02 - 2015-01-24 19:02 - 00000000 ____D () C:\Windows\CSC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 13:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 13:07 - 2009-07-14 05:51 - 00025722 _____ () C:\Windows\setupact.log
2015-01-25 13:04 - 2009-07-14 18:58 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2015-01-25 13:04 - 2009-07-14 18:58 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2015-01-25 13:04 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 13:03 - 2009-07-14 05:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 13:03 - 2009-07-14 05:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 12:48 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Performance
2015-01-24 20:41 - 2009-07-14 05:45 - 00265696 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-24 20:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-24 20:16 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore
2015-01-24 19:27 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-24 19:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-24 19:08 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-24 19:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-24 19:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-24 19:03 - 2009-10-14 07:04 - 00000000 ____D () C:\Windows\Panther
2015-01-24 19:03 - 2009-10-14 06:06 - 00003540 _____ () C:\Windows\TSSysprep.log
2015-01-24 19:03 - 2009-07-14 05:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2015-01-24 19:01 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-24 19:01 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-12-31 13:12 - 2009-10-14 06:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\AZi-PC\AppData\Local\Temp\avgnt.exe
C:\Users\AZi-PC\AppData\Local\Temp\Quarantine.exe
C:\Users\AZi-PC\AppData\Local\Temp\SpOrder.dll
C:\Users\AZi-PC\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2009-10-14 06:05

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Viele Grüße,
Holger

schrauber · 25.01.2015, 16:02

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

CloseProcesses:
S2 ColorMedia; C:\ProgramData\PicColor Utility\ColorMedia.exe [X]
C:\ProgramData\PicColor Utility
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed]
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed]
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49436;https=127.0.0.1:49436;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
C:\Windows\SysWOW64\ColorMedia.dll
C:\Windows\system32\ColorMedia64.dll
cmd: netsh winsock reset
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Rechner neu starten, dann:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

cmd: netsh winsock reset

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

holger-s2 · 25.01.2015, 19:56

Hallo Schrauber,

erste Fixlog

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by AZi-PC at 2015-01-25 19:45:12 Run:1
Running from C:\Users\AZi-PC\Desktop
Loaded Profiles: AZi-PC (Available profiles: AZi-PC)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
S2 ColorMedia; C:\ProgramData\PicColor Utility\ColorMedia.exe [X]
C:\ProgramData\PicColor Utility
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed]
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed]
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49436;https=127.0.0.1:49436;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
C:\Windows\SysWOW64\ColorMedia.dll
C:\Windows\system32\ColorMedia64.dll
cmd: netsh winsock reset
Emptytemp:
         
*****************

Processes closed successfully.
ColorMedia => Error deleting Service
"C:\ProgramData\PicColor Utility" => File/Directory not found.
cmwf => Unable to stop service
cmwf => Error deleting Service
cmwr => Unable to stop service
cmwr => Error deleting Service
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Winsock: Catalog entry 000000000001 => Could not be deleted.
Winsock: Catalog entry 000000000002 => Could not be deleted.
Winsock: Catalog entry 000000000003 => Could not be deleted.
Winsock: Catalog entry 000000000004 => Could not be deleted.
Winsock: Catalog entry 000000000015 => Could not be deleted.
Winsock: Catalog entry 000000000001 => Could not be deleted.
Winsock: Catalog entry 000000000002 => Could not be deleted.
Winsock: Catalog entry 000000000003 => Could not be deleted.
Winsock: Catalog entry 000000000004 => Could not be deleted.
Winsock: Catalog entry 000000000015 => Could not be deleted.
Could not move "C:\Windows\SysWOW64\ColorMedia.dll" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\ColorMedia64.dll" => Scheduled to move on reboot.

=========  netsh winsock reset =========

Zugriff verweigert



========= End of CMD: =========

EmptyTemp: => Removed 258.6 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-25 19:48:29)<=

"C:\Windows\SysWOW64\ColorMedia.dll" => File could not move.
"C:\Windows\system32\ColorMedia64.dll" => File could not move.

==== End of Fixlog 19:48:29 ====

zweite Fixlog

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by AZi-PC at 2015-01-25 19:50:57 Run:2
Running from C:\Users\AZi-PC\Desktop
Loaded Profiles: AZi-PC (Available profiles: AZi-PC)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
cmd: netsh winsock reset
*****************


=========  netsh winsock reset =========

Zugriff verweigert



========= End of CMD: =========


==== End of Fixlog 19:51:01 ====

Zugriff verweigert verstehe ich nicht. Hab´s eigentlich so gemacht wie im vorigen Beitrag beschrieben...?

Viele Grüße,
Holger

schrauber · 26.01.2015, 09:51

Nee das liegt nicht an dir.

Poste bitte nochmal ein frisches FRST log.

holger-s2 · 26.01.2015, 17:54

Hallo,

hoffe das bringt Klarheit:

FRST-Log

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by AZi-PC (administrator) on AZI-PC on 26-01-2015 17:48:42
Running from C:\Users\AZi-PC\Desktop
Loaded Profiles: AZi-PC (Available profiles: AZi-PC)
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EIZO ScreenSlicer.lnk
ShortcutTarget: EIZO ScreenSlicer.lnk -> C:\Windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe (Macrovision Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScreenManager Pro for LCD Ver3.3.3.lnk
ShortcutTarget: ScreenManager Pro for LCD Ver3.3.3.lnk -> C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49436;https=127.0.0.1:49436;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3672898365-1647074900-201637474-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Tcpip\..\Interfaces\{3FCFEC49-E79E-42E3-9AE6-CFF4F098A30B}: [NameServer] 192.168.0.1

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "https://www.google.de/", "hxxp://istart.webssearches.com/?type=hppp&ts=1401179454&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401342874&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401392681&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401470905&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401534646&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401613039&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401814348&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401981463&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402251016&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402332086&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402681885&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402772176&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402851446&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402913513&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402990213&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1403171129&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1403182900&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1403194663&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1403361600&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hp&ts=1422124986&from=cvs&uid=395049983_266162_54A4CF31", "hxxp://istart.webssearches.com/?type=hppp&ts=1422125000&from=cvs&uid=395049983_266162_54A4CF31"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (Google Docs) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-24]
CHR Extension: (Google Drive) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-24]
CHR Extension: (YouTube) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-24]
CHR Extension: (Google-Suche) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-24]
CHR Extension: (Google Tabellen) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-24]
CHR Extension: (Avira Browserschutz) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-24]
CHR Extension: (Bookmark Manager) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-24]
CHR Extension: (Google Wallet) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Google Mail) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2015-01-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 ColorMedia; C:\ProgramData\PicColor Utility\ColorMedia.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2015-01-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2015-01-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed]
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 20:09 - 2015-01-24 21:13 - 02194432 _____ () C:\Users\AZi-PC\Desktop\adwcleaner_4.109.exe
2015-01-25 13:11 - 2015-01-25 13:11 - 00033241 _____ () C:\Users\AZi-PC\Desktop\FRST1.txt
2015-01-25 13:06 - 2015-01-25 13:06 - 00000622 _____ () C:\Users\AZi-PC\Desktop\JRT1.txt
2015-01-25 13:06 - 2015-01-25 13:06 - 00000622 _____ () C:\Users\AZi-PC\Desktop\JRT.txt
2015-01-25 13:01 - 2015-01-25 13:01 - 00000000 ____D () C:\Windows\ERUNT
2015-01-25 12:59 - 2015-01-25 12:59 - 00003381 _____ () C:\Users\AZi-PC\Desktop\AdwCleaner[S4].txt
2015-01-25 12:52 - 2015-01-25 12:52 - 00006766 _____ () C:\Users\AZi-PC\Desktop\mbam1.txt
2015-01-25 12:46 - 2015-01-25 12:46 - 00006765 _____ () C:\Users\AZi-PC\Desktop\mbam.txt
2015-01-25 12:24 - 2015-01-26 17:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 12:23 - 2015-01-25 12:23 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-25 12:23 - 2015-01-25 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-25 12:23 - 2015-01-25 12:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-25 12:23 - 2015-01-25 12:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-25 12:23 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-25 12:23 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-25 12:23 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-25 12:22 - 2015-01-25 19:42 - 00000000 ____D () C:\Users\AZi-PC\Downloads\Safety
2015-01-25 12:22 - 2015-01-25 12:22 - 00000000 ____D () C:\Users\AZi-PC\Downloads\Grafik
2015-01-25 12:22 - 2015-01-25 12:21 - 01707939 _____ (Thisisu) C:\Users\AZi-PC\Desktop\JRT.exe
2015-01-25 10:49 - 2015-01-25 10:49 - 00018284 _____ () C:\Users\AZi-PC\Desktop\Addition.txt
2015-01-25 10:48 - 2015-01-26 17:49 - 00012481 _____ () C:\Users\AZi-PC\Desktop\FRST.txt
2015-01-25 10:48 - 2015-01-26 17:48 - 00000000 ____D () C:\FRST
2015-01-25 10:42 - 2015-01-25 10:42 - 02129920 _____ (Farbar) C:\Users\AZi-PC\Desktop\FRST64.exe
2015-01-24 22:35 - 2015-01-24 22:39 - 00000000 ____D () C:\Users\AZi-PC\Documents\Tipard Studio
2015-01-24 22:35 - 2015-01-24 22:35 - 00001429 _____ () C:\Users\Public\Desktop\Tipard TS Converter.lnk
2015-01-24 22:35 - 2015-01-24 22:35 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Tipard Studio
2015-01-24 22:35 - 2015-01-24 22:35 - 00000000 ____D () C:\ProgramData\Tipard Studio
2015-01-24 22:35 - 2015-01-24 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tipard
2015-01-24 22:35 - 2015-01-24 22:35 - 00000000 ____D () C:\Program Files (x86)\Tipard Studio
2015-01-24 22:34 - 2015-01-24 22:34 - 24154712 _____ (Tipard Studio ) C:\Users\AZi-PC\Downloads\ts71-converter.exe
2015-01-24 22:21 - 2015-01-24 22:21 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Microsoft Games
2015-01-24 21:14 - 2015-01-25 20:11 - 00000000 ____D () C:\AdwCleaner
2015-01-24 20:58 - 2015-01-24 20:58 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-24 20:57 - 2015-01-24 20:54 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-24 20:49 - 2015-01-24 20:49 - 00003150 _____ () C:\Windows\System32\Tasks\{655729CA-F8E3-4BD9-A398-D24CC2E3B7DB}
2015-01-24 20:40 - 2015-01-24 20:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-24 20:40 - 2015-01-24 20:40 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-24 20:39 - 2015-01-24 20:39 - 00000000 ____D () C:\Users\AZi-PC\AppData\Roaming\EIZO
2015-01-24 20:39 - 2015-01-24 20:39 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Downloaded Installations
2015-01-24 20:39 - 2015-01-24 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EIZO
2015-01-24 20:34 - 2015-01-24 20:39 - 00000000 ____D () C:\Program Files (x86)\EIZO
2015-01-24 20:34 - 2015-01-24 20:34 - 00000000 ____D () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EIZO
2015-01-24 20:31 - 2015-01-24 20:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-24 20:30 - 2014-12-04 03:32 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-24 20:30 - 2014-12-04 03:32 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-24 20:30 - 2014-12-04 03:32 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-24 20:30 - 2014-12-04 03:31 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-24 20:30 - 2014-12-04 03:31 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-24 20:30 - 2014-12-04 03:31 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-24 20:30 - 2014-12-04 03:26 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-24 20:30 - 2014-12-02 00:21 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-24 20:30 - 2011-04-09 07:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-01-24 20:30 - 2011-04-09 07:45 - 05509504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-24 20:30 - 2011-04-09 07:13 - 03957632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-24 20:30 - 2011-04-09 07:13 - 03901824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-24 20:30 - 2011-04-09 06:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-01-24 20:29 - 2014-09-15 01:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-24 20:29 - 2009-10-24 05:28 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-01-24 20:29 - 2009-10-24 05:27 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-01-24 20:26 - 2012-06-02 23:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-24 20:26 - 2012-06-02 23:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-24 20:26 - 2012-06-02 23:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-24 20:26 - 2012-06-02 23:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-01-24 20:26 - 2012-06-02 23:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-01-24 20:26 - 2012-06-02 23:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-24 20:26 - 2012-06-02 23:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-24 20:26 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-24 20:26 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-24 20:24 - 2015-01-24 20:24 - 00000000 ____D () C:\Users\AZi-PC\AppData\Roaming\ATI
2015-01-24 20:24 - 2015-01-24 20:24 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\ATI
2015-01-24 20:24 - 2015-01-24 20:24 - 00000000 ____D () C:\ProgramData\ATI
2015-01-24 20:22 - 2015-01-24 20:22 - 00000000 _____ () C:\Windows\ativpsrm.bin
2015-01-24 20:21 - 2015-01-24 20:21 - 00000000 ____D () C:\ProgramData\AMD
2015-01-24 20:20 - 2015-01-24 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-24 20:20 - 2015-01-24 20:20 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-01-24 20:19 - 2015-01-24 20:19 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-01-24 20:19 - 2015-01-24 20:19 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-01-24 20:18 - 2015-01-24 20:18 - 01558224 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-24 20:17 - 2009-11-25 11:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2015-01-24 20:17 - 2009-11-25 11:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2015-01-24 20:17 - 2009-11-25 11:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2015-01-24 20:16 - 2015-01-24 20:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-24 20:15 - 2015-01-24 20:20 - 00000000 ____D () C:\Program Files\AMD
2015-01-24 20:13 - 2015-01-24 20:13 - 00000000 ____D () C:\AMD
2015-01-24 19:53 - 2015-01-24 19:53 - 00000000 ____D () C:\Users\AZi-PC\AppData\Roaming\Avira
2015-01-24 19:52 - 2015-01-24 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-24 19:52 - 2015-01-24 19:52 - 00002066 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-24 19:51 - 2015-01-24 20:58 - 00000000 ____D () C:\ProgramData\Avira
2015-01-24 19:51 - 2015-01-24 20:58 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-24 19:51 - 2015-01-24 20:54 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-24 19:51 - 2015-01-24 20:54 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-24 19:51 - 2015-01-24 19:51 - 00000000 ____D () C:\Users\AZi-PC\AppData\Roaming\dlg
2015-01-24 19:51 - 2013-12-18 09:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-24 19:44 - 2015-01-07 21:07 - 00045216 _____ () C:\Windows\system32\Drivers\cmwr.sys
2015-01-24 19:44 - 2015-01-07 21:07 - 00033952 _____ () C:\Windows\system32\Drivers\cmwf.sys
2015-01-24 19:44 - 2015-01-07 20:54 - 00370688 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-24 19:44 - 2015-01-07 20:54 - 00324776 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-24 19:37 - 2015-01-25 19:46 - 00132344 _____ () C:\Windows\PFRO.log
2015-01-24 19:34 - 2015-01-24 21:17 - 00001023 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-24 19:34 - 2015-01-24 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-24 19:32 - 2015-01-26 17:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 19:32 - 2015-01-25 13:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 19:32 - 2015-01-24 19:34 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Google
2015-01-24 19:32 - 2015-01-24 19:34 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Deployment
2015-01-24 19:32 - 2015-01-24 19:34 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-24 19:32 - 2015-01-24 19:32 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-24 19:32 - 2015-01-24 19:32 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-24 19:32 - 2015-01-24 19:32 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Apps\2.0
2015-01-24 19:28 - 2015-01-24 19:28 - 00000010 _____ () C:\Users\AZi-PC\Desktop\Kennwort Heimnetzgruppe.txt
2015-01-24 19:21 - 2015-01-24 19:21 - 00057560 _____ () C:\Users\AZi-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-24 19:11 - 2015-01-24 21:17 - 00000919 _____ () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-24 19:11 - 2015-01-24 21:17 - 00000851 _____ () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-24 19:11 - 2015-01-24 19:11 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\VirtualStore
2015-01-24 19:10 - 2015-01-24 19:11 - 00000000 ____D () C:\Users\AZi-PC
2015-01-24 19:10 - 2015-01-24 19:10 - 00000020 ___SH () C:\Users\AZi-PC\ntuser.ini
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Vorlagen
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Startmenü
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Netzwerkumgebung
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Lokale Einstellungen
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Eigene Dateien
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Druckumgebung
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Documents\Eigene Musik
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Documents\Eigene Bilder
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\AppData\Local\Verlauf
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\AppData\Local\Anwendungsdaten
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Anwendungsdaten
2015-01-24 19:10 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-24 19:10 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Programme
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Favoriten
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 __SHD () C:\Recovery
2015-01-24 19:07 - 2015-01-26 17:48 - 00454372 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 19:02 - 2015-01-24 19:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-01-24 19:02 - 2015-01-24 19:02 - 00000000 ____D () C:\Windows\CSC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 17:48 - 2009-07-14 18:58 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2015-01-26 17:48 - 2009-07-14 18:58 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2015-01-26 17:48 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-26 17:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 17:44 - 2009-07-14 05:51 - 00025946 _____ () C:\Windows\setupact.log
2015-01-25 22:47 - 2009-07-14 05:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 22:47 - 2009-07-14 05:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 12:48 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Performance
2015-01-24 20:41 - 2009-07-14 05:45 - 00265696 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-24 20:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-24 20:16 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore
2015-01-24 19:27 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-24 19:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-24 19:08 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-24 19:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-24 19:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-24 19:03 - 2009-10-14 07:04 - 00000000 ____D () C:\Windows\Panther
2015-01-24 19:03 - 2009-10-14 06:06 - 00003540 _____ () C:\Windows\TSSysprep.log
2015-01-24 19:03 - 2009-07-14 05:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2015-01-24 19:01 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-24 19:01 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-12-31 13:12 - 2009-10-14 06:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\AZi-PC\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2009-10-14 06:05

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by AZi-PC at 2015-01-26 17:49:33
Running from C:\Users\AZi-PC\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{4241d738-563d-4685-803c-e58b90a2e5e8}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
EIZO ScreenSlicer (HKLM-x32\...\{292A177D-723F-4537-9985-BC8BFCD8B63D}) (Version: 1.1.5.0 - EIZO Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
ScreenManager Pro for LCD (HKLM-x32\...\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}) (Version: 3.3.3.0 - EIZO Corporation)
Tipard TS Converter 7.1.50 (HKLM-x32\...\{2D85A23D-06EF-4df2-BF09-B39AEDAE9140}_is1) (Version: 7.1.50 - Tipard Studio)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

24-01-2015 20:16:20 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
24-01-2015 20:17:03 Windows Update
24-01-2015 20:18:48 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
24-01-2015 20:26:25 Windows Update
24-01-2015 20:31:07 Windows Update
24-01-2015 20:39:31 Installed EIZO ScreenSlicer.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1E7525C4-0307-490A-9765-AD862E9C57D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-24] (Google Inc.)
Task: {61006B44-E1ED-44A9-BFF0-F62971187898} - System32\Tasks\{655729CA-F8E3-4BD9-A398-D24CC2E3B7DB} => pcalua.exe -a C:\Users\AZi-PC\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION
Task: {6C1A3B13-1C2C-4146-8DB8-D704DF4D40C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-24] (Google Inc.)
Task: {DBA640B1-4B8E-4C61-92B4-3413D4C128D4} - \GNVLNUPDH No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3672898365-1647074900-201637474-500 - Administrator - Disabled)
AZi-PC (S-1-5-21-3672898365-1647074900-201637474-1000 - Administrator - Enabled) => C:\Users\AZi-PC
Gast (S-1-5-21-3672898365-1647074900-201637474-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3672898365-1647074900-201637474-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2015 10:54:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/25/2015 10:54:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/25/2015 10:54:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/25/2015 01:28:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/25/2015 01:28:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.


System errors:
=============
Error: (01/26/2015 05:49:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/26/2015 05:49:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/26/2015 05:49:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/26/2015 05:49:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/26/2015 05:48:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/26/2015 05:48:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/26/2015 05:48:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/26/2015 05:48:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/26/2015 05:48:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/26/2015 05:47:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (01/25/2015 10:54:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/25/2015 10:54:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/25/2015 10:54:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/25/2015 01:28:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/25/2015 01:28:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Percentage of memory in use: 32%
Total physical RAM: 4094.49 MB
Available physical RAM: 2747.78 MB
Total Pagefile: 8187.13 MB
Available Pagefile: 6449.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.28 GB) (Free:96.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 117.4 GB) (Disk ID: D0947A02)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

VG
Holger

schrauber · 26.01.2015, 22:21

Lade dir bitte BlitzBlank (von Emsisoft) herunter und speichere es auf den Desktop.

Starte die BlitzBlank.exe und bestätige die Warnung mit OK.
Wechsle in den Reiter Script.
Kopiere nun folgenden Inhalt aus der Codebox und füge ihn ins Textfeld von BlitzBlank ein:
(Wichtig: Falls du deinen Benutzernamen unkenntlich gemacht hast (z.B. durch ***), dann mach das hier im Skript wieder rückgängig.)
Code:
ATTFilter
```
DeleteFile:
C:\Windows\SysWOW64\ColorMedia.dll
C:\Windows\system32\ColorMedia64.dll
DisableDriver:
ColorMedia
         
```
Schließe jetzt alle anderen laufenden Programme und Anwendungen.
Drücke dann auf Jetzt ausführen.
Bestätige die Warnung und den Neustart jeweils mit OK. Der Rechner wird neu gestartet.
Nach dem Neustart findest du ein Logfile unter C:\blitzblank.log. Poste dessen Inhalt bitte hier in deinen Thread.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

CloseProcesses:
S2 ColorMedia; C:\ProgramData\PicColor Utility\ColorMedia.exe [X]
C:\ProgramData\PicColor Utility
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed]
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed]
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49436;https=127.0.0.1:49436;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
C:\Windows\SysWOW64\ColorMedia.dll
C:\Windows\system32\ColorMedia64.dll
cmd: netsh winsock reset
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

holger-s2 · 28.01.2015, 21:21

Hallo,

bei Blitzblank erscheint nach Klick auf "Jetzt ausführen" die Fehlermeldung

"Syntax Fehler in Zeile 3, ungültiger Dateipfad."

Die Dateien sind aber jeweils in genau diesem Pfad existent, das hab ich mit dem Datei Explorer nachgesehen.

Was mach´ ich falsch?

Bevor Blitzblank nicht funktioniert hat, macht FRST wahrscheinlich wenig Sinn, daher starte ich das erstmal nicht.

Vielen Dank.

Kann es sein, dass ich mir die Probleme mit der Installation von Chrome reingeholt habe und macht es eventuell Sinn, Windows nochmal neu zu installieren? Ich hab´ ja wie eingangs geschrieben noch keine weiteren Programme installiert und die Viren/ Malware ist echt hartnäckig, oder?

Viele Grüße,
Holger

schrauber · 29.01.2015, 07:19

Das ist eigentlich nur Adware, aber die sitzt hartnäckig im Stack

.

Formatieren bereinigt das auf jeden Fall. Sag mir nur ob wir weiter machen sollen

holger-s2 · 29.01.2015, 20:28

Hallo,

jetzt sind wir so weit, da möchte ich schon gerne weitermachen und hoffe das Problem mit Deiner Unterstützung beseitigt zu bekommen.

Es gibt allerdings noch ein weiteres Problem:
In den letzten Tagen hab ich eigentlich den PC nur laufen lassen, wenn ich die Aktionen nach Anleitung durchgeführt hatte und ein paarmal über Chrome gesurft aber keine Daten auf den PC kopiert oder Programme installiert.
Jetzt sind auf der Festplatte ca. 8 GB mehr belegt als am letzten WE. Den Cache von Chrome hab´ ich gelöscht, das war nichts in GB zählbares.

2x sind Windows-Updates installiert worden beim Neustart. Aber das kann doch nicht so viel sein, oder?

Beim Scannen der Festplatte (Suche: Neue Dateien der letzten 3 Tage) zeigt der WinExplorer viele kleine Dateien in C:\Windows\Winsxs und ...\sysWOW64 und \SoftwareDistribution. Aber das ergibt alles nicht den in den Tagen auf der Festplatte belegen Speicherplatz, es sind etwa 8.600 Dateien mit einer Gesamtgröße von 1,8 GB angelegt/ geändert worden.

Hängt das mit der Adware zusammen und lässt sich das beseitigen?

Viele Grüße,
Holger

schrauber · 30.01.2015, 08:05

TreeSize Free - Download - Filepony

Installieren udn laufen lassen. das Tool scannt die Festplatte. Wenn es fertig is bitte nen Screenshot davon.

holger-s2 · 30.01.2015, 18:21

Screenshot Treesizefile anbei.
Sind weitere Ebenen erforderlich?

schrauber · 31.01.2015, 11:32

Die beiden Dateien mit insgesamt 7 GB mal anschauen, ebenso Ordner Windows aufklappen, schauen ob da irgendwas extrem viel GB braucht.

holger-s2 · 01.02.2015, 09:35

Hallo,

TreeSize nochmal gestartet.

Die beiden Dateien sehen so aus:
pagefile.sys - 4GB
hiberfil.sys - 3GB
Dateien jeweils 1, letzte Änderung jeweils heute.

Windows Verzeichnis im Anhang, der Größe nach sortiert, soviel wie auf den ersten Bildschirm gepasst hat.

Wenn ich noch etwas schicken soll (nächste Ebene), bitte sagen.
Sonst bitte den nächsten Schritt, damit ich die doofe Adware loswerde.

Viele Grüße,
Holger

26.01.2015, 09:51	#6
schrauber /// the machine /// TB-Ausbilder	Windows 7 Neuinstallation, ColorMedia lässt sich nicht entfernen Nee das liegt nicht an dir. Poste bitte nochmal ein frisches FRST log. __________________ --> Windows 7 Neuinstallation, ColorMedia lässt sich nicht entfernen

Windows 7 Neuinstallation, ColorMedia lässt sich nicht entfernen

Log-Analyse und Auswertung: Windows 7 Neuinstallation, ColorMedia lässt sich nicht entfernen