Windows 7 Neuinstallation, ColorMedia lässt sich nicht entfernen

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by AZi-PC (administrator) on AZI-PC on 25-01-2015 10:48:27
Running from C:\Users\AZi-PC\Desktop
Loaded Profiles: AZi-PC (Available profiles: AZi-PC)
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EIZO ScreenSlicer.lnk
ShortcutTarget: EIZO ScreenSlicer.lnk -> C:\Windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe (Macrovision Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScreenManager Pro for LCD Ver3.3.3.lnk
ShortcutTarget: ScreenManager Pro for LCD Ver3.3.3.lnk -> C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49436;https=127.0.0.1:49436;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3672898365-1647074900-201637474-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Tcpip\..\Interfaces\{3FCFEC49-E79E-42E3-9AE6-CFF4F098A30B}: [NameServer] 192.168.0.1

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "https://www.google.de/", "hxxp://istart.webssearches.com/?type=hppp&ts=1401179454&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401342874&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401392681&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401470905&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401534646&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401613039&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401814348&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1401981463&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402251016&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402332086&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402681885&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402772176&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402851446&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402913513&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1402990213&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1403171129&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1403182900&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1403194663&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hppp&ts=1403361600&from=tugs&uid=395049983_266162_F0DFA897", "hxxp://istart.webssearches.com/?type=hp&ts=1422124986&from=cvs&uid=395049983_266162_54A4CF31", "hxxp://istart.webssearches.com/?type=hppp&ts=1422125000&from=cvs&uid=395049983_266162_54A4CF31"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (Google Docs) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-24]
CHR Extension: (Google Drive) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-24]
CHR Extension: (YouTube) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-24]
CHR Extension: (Google-Suche) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-24]
CHR Extension: (Google Tabellen) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-24]
CHR Extension: (Avira Browserschutz) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-24]
CHR Extension: (Bookmark Manager) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-24]
CHR Extension: (Google Wallet) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Google Mail) - C:\Users\AZi-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2015-01-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 ColorMedia; C:\ProgramData\PicColor Utility\ColorMedia.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2015-01-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2015-01-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed]
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 10:48 - 2015-01-25 10:48 - 00012363 _____ () C:\Users\AZi-PC\Desktop\FRST.txt
2015-01-25 10:48 - 2015-01-25 10:48 - 00000000 ____D () C:\FRST
2015-01-25 10:42 - 2015-01-25 10:42 - 02129920 _____ (Farbar) C:\Users\AZi-PC\Downloads\FRST64.exe
2015-01-25 10:42 - 2015-01-25 10:42 - 02129920 _____ (Farbar) C:\Users\AZi-PC\Desktop\FRST64.exe
2015-01-24 22:35 - 2015-01-24 22:39 - 00000000 ____D () C:\Users\AZi-PC\Documents\Tipard Studio
2015-01-24 22:35 - 2015-01-24 22:35 - 00001429 _____ () C:\Users\Public\Desktop\Tipard TS Converter.lnk
2015-01-24 22:35 - 2015-01-24 22:35 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Tipard Studio
2015-01-24 22:35 - 2015-01-24 22:35 - 00000000 ____D () C:\ProgramData\Tipard Studio
2015-01-24 22:35 - 2015-01-24 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tipard
2015-01-24 22:35 - 2015-01-24 22:35 - 00000000 ____D () C:\Program Files (x86)\Tipard Studio
2015-01-24 22:34 - 2015-01-24 22:34 - 24154712 _____ (Tipard Studio ) C:\Users\AZi-PC\Downloads\ts71-converter.exe
2015-01-24 22:21 - 2015-01-24 22:21 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Microsoft Games
2015-01-24 21:14 - 2015-01-25 10:36 - 00000000 ____D () C:\AdwCleaner
2015-01-24 21:13 - 2015-01-24 21:13 - 02194432 _____ () C:\Users\AZi-PC\Downloads\adwcleaner_4.109.exe
2015-01-24 20:58 - 2015-01-24 20:58 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-24 20:57 - 2015-01-24 20:54 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-24 20:49 - 2015-01-24 20:49 - 00003150 _____ () C:\Windows\System32\Tasks\{655729CA-F8E3-4BD9-A398-D24CC2E3B7DB}
2015-01-24 20:40 - 2015-01-24 20:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-24 20:40 - 2015-01-24 20:40 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-24 20:39 - 2015-01-24 20:39 - 00000000 ____D () C:\Users\AZi-PC\AppData\Roaming\EIZO
2015-01-24 20:39 - 2015-01-24 20:39 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Downloaded Installations
2015-01-24 20:39 - 2015-01-24 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EIZO
2015-01-24 20:38 - 2015-01-24 20:38 - 07464870 _____ () C:\Users\AZi-PC\Downloads\ESCSlicer115.zip
2015-01-24 20:34 - 2015-01-24 20:39 - 00000000 ____D () C:\Program Files (x86)\EIZO
2015-01-24 20:34 - 2015-01-24 20:34 - 00000000 ____D () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EIZO
2015-01-24 20:32 - 2015-01-24 20:33 - 11569831 _____ () C:\Users\AZi-PC\Downloads\Smpl333B.zip
2015-01-24 20:31 - 2015-01-24 20:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-24 20:30 - 2014-12-04 03:32 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-24 20:30 - 2014-12-04 03:32 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-24 20:30 - 2014-12-04 03:32 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-24 20:30 - 2014-12-04 03:31 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-24 20:30 - 2014-12-04 03:31 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-24 20:30 - 2014-12-04 03:31 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-24 20:30 - 2014-12-04 03:26 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-24 20:30 - 2014-12-02 00:21 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-24 20:30 - 2011-04-09 07:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-01-24 20:30 - 2011-04-09 07:45 - 05509504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-24 20:30 - 2011-04-09 07:13 - 03957632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-24 20:30 - 2011-04-09 07:13 - 03901824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-24 20:30 - 2011-04-09 06:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-01-24 20:29 - 2014-09-15 01:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-24 20:29 - 2009-10-24 05:28 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-01-24 20:29 - 2009-10-24 05:27 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-01-24 20:26 - 2012-06-02 23:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-24 20:26 - 2012-06-02 23:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-24 20:26 - 2012-06-02 23:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-24 20:26 - 2012-06-02 23:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-01-24 20:26 - 2012-06-02 23:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-01-24 20:26 - 2012-06-02 23:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-24 20:26 - 2012-06-02 23:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-24 20:26 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-24 20:26 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-24 20:24 - 2015-01-24 20:24 - 00000000 ____D () C:\Users\AZi-PC\AppData\Roaming\ATI
2015-01-24 20:24 - 2015-01-24 20:24 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\ATI
2015-01-24 20:24 - 2015-01-24 20:24 - 00000000 ____D () C:\ProgramData\ATI
2015-01-24 20:22 - 2015-01-24 20:22 - 00000000 _____ () C:\Windows\ativpsrm.bin
2015-01-24 20:21 - 2015-01-24 20:21 - 00000000 ____D () C:\ProgramData\AMD
2015-01-24 20:20 - 2015-01-24 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-24 20:20 - 2015-01-24 20:20 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-01-24 20:19 - 2015-01-24 20:19 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-01-24 20:19 - 2015-01-24 20:19 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-01-24 20:18 - 2015-01-24 20:18 - 01558224 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-24 20:17 - 2009-11-25 11:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2015-01-24 20:17 - 2009-11-25 11:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2015-01-24 20:17 - 2009-11-25 11:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2015-01-24 20:17 - 2009-11-25 11:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2015-01-24 20:16 - 2015-01-24 20:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-24 20:15 - 2015-01-24 20:20 - 00000000 ____D () C:\Program Files\AMD
2015-01-24 20:13 - 2015-01-24 20:13 - 00000000 ____D () C:\AMD
2015-01-24 19:58 - 2015-01-24 20:05 - 302470552 _____ (AMD Inc.) C:\Users\AZi-PC\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
2015-01-24 19:53 - 2015-01-24 19:53 - 00000000 ____D () C:\Users\AZi-PC\AppData\Roaming\Avira
2015-01-24 19:52 - 2015-01-24 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-24 19:52 - 2015-01-24 19:52 - 00002066 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-24 19:51 - 2015-01-24 20:58 - 00000000 ____D () C:\ProgramData\Avira
2015-01-24 19:51 - 2015-01-24 20:58 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-24 19:51 - 2015-01-24 20:54 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-24 19:51 - 2015-01-24 20:54 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-24 19:51 - 2015-01-24 19:51 - 00000000 ____D () C:\Users\AZi-PC\AppData\Roaming\dlg
2015-01-24 19:51 - 2013-12-18 09:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-24 19:44 - 2015-01-24 22:04 - 00000000 ____D () C:\ProgramData\PicColor Utility
2015-01-24 19:44 - 2015-01-24 20:41 - 00005264 _____ () C:\Windows\SysWOW64\ColorMedia.ini
2015-01-24 19:44 - 2015-01-24 20:41 - 00002864 _____ () C:\Windows\SysWOW64\ColorMediaOff.ini
2015-01-24 19:44 - 2015-01-24 20:41 - 00002864 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-01-24 19:44 - 2015-01-07 21:07 - 00045216 _____ () C:\Windows\system32\Drivers\cmwr.sys
2015-01-24 19:44 - 2015-01-07 21:07 - 00033952 _____ () C:\Windows\system32\Drivers\cmwf.sys
2015-01-24 19:44 - 2015-01-07 20:54 - 00370688 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-24 19:44 - 2015-01-07 20:54 - 00324776 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-24 19:42 - 2015-01-24 19:42 - 00616976 _____ () C:\Users\AZi-PC\Downloads\avira-free-antivir.exe
2015-01-24 19:37 - 2015-01-25 10:32 - 00126138 _____ () C:\Windows\PFRO.log
2015-01-24 19:34 - 2015-01-24 21:17 - 00001023 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-24 19:34 - 2015-01-24 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-24 19:32 - 2015-01-25 10:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 19:32 - 2015-01-25 10:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 19:32 - 2015-01-24 19:34 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Google
2015-01-24 19:32 - 2015-01-24 19:34 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Deployment
2015-01-24 19:32 - 2015-01-24 19:34 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-24 19:32 - 2015-01-24 19:32 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-24 19:32 - 2015-01-24 19:32 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-24 19:32 - 2015-01-24 19:32 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\Apps\2.0
2015-01-24 19:28 - 2015-01-24 19:28 - 00000010 _____ () C:\Users\AZi-PC\Desktop\Kennwort Heimnetzgruppe.txt
2015-01-24 19:21 - 2015-01-24 19:21 - 00057560 _____ () C:\Users\AZi-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-24 19:11 - 2015-01-24 21:17 - 00000919 _____ () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-24 19:11 - 2015-01-24 21:17 - 00000851 _____ () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-24 19:11 - 2015-01-24 19:11 - 00000000 ____D () C:\Users\AZi-PC\AppData\Local\VirtualStore
2015-01-24 19:10 - 2015-01-24 19:11 - 00000000 ____D () C:\Users\AZi-PC
2015-01-24 19:10 - 2015-01-24 19:10 - 00000020 ___SH () C:\Users\AZi-PC\ntuser.ini
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Vorlagen
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Startmenü
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Netzwerkumgebung
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Lokale Einstellungen
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Eigene Dateien
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Druckumgebung
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Documents\Eigene Musik
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Documents\Eigene Bilder
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\AppData\Local\Verlauf
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\AppData\Local\Anwendungsdaten
2015-01-24 19:10 - 2015-01-24 19:10 - 00000000 _SHDL () C:\Users\AZi-PC\Anwendungsdaten
2015-01-24 19:10 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-24 19:10 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\AZi-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Programme
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Favoriten
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 __SHD () C:\Recovery
2015-01-24 19:07 - 2015-01-25 10:36 - 00358114 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 19:02 - 2015-01-24 19:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-01-24 19:02 - 2015-01-24 19:02 - 00000000 ____D () C:\Windows\CSC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 10:38 - 2009-07-14 05:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 10:38 - 2009-07-14 05:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 10:37 - 2009-07-14 18:58 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2015-01-25 10:37 - 2009-07-14 18:58 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2015-01-25 10:37 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 10:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 10:32 - 2009-07-14 05:51 - 00025498 _____ () C:\Windows\setupact.log
2015-01-24 20:41 - 2009-07-14 05:45 - 00265696 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-24 20:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-24 20:16 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore
2015-01-24 19:27 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-24 19:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-24 19:08 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-24 19:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-24 19:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-24 19:03 - 2009-10-14 07:04 - 00000000 ____D () C:\Windows\Panther
2015-01-24 19:03 - 2009-10-14 06:06 - 00003540 _____ () C:\Windows\TSSysprep.log
2015-01-24 19:03 - 2009-07-14 05:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2015-01-24 19:01 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-24 19:01 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-12-31 13:12 - 2009-10-14 06:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\AZi-PC\AppData\Local\Temp\avgnt.exe
C:\Users\AZi-PC\AppData\Local\Temp\SpOrder.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2009-10-14 06:05

==================== End Of Log ============================
         

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by AZi-PC at 2015-01-25 10:49:15
Running from C:\Users\AZi-PC\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{4241d738-563d-4685-803c-e58b90a2e5e8}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
EIZO ScreenSlicer (HKLM-x32\...\{292A177D-723F-4537-9985-BC8BFCD8B63D}) (Version: 1.1.5.0 - EIZO Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
ScreenManager Pro for LCD (HKLM-x32\...\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}) (Version: 3.3.3.0 - EIZO Corporation)
Tipard TS Converter 7.1.50 (HKLM-x32\...\{2D85A23D-06EF-4df2-BF09-B39AEDAE9140}_is1) (Version: 7.1.50 - Tipard Studio)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

24-01-2015 20:16:20 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
24-01-2015 20:17:03 Windows Update
24-01-2015 20:18:48 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
24-01-2015 20:26:25 Windows Update
24-01-2015 20:31:07 Windows Update
24-01-2015 20:39:31 Installed EIZO ScreenSlicer.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1E7525C4-0307-490A-9765-AD862E9C57D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-24] (Google Inc.)
Task: {61006B44-E1ED-44A9-BFF0-F62971187898} - System32\Tasks\{655729CA-F8E3-4BD9-A398-D24CC2E3B7DB} => pcalua.exe -a C:\Users\AZi-PC\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION
Task: {6C1A3B13-1C2C-4146-8DB8-D704DF4D40C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-24] (Google Inc.)
Task: {DBA640B1-4B8E-4C61-92B4-3413D4C128D4} - \GNVLNUPDH No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-24 19:34 - 2015-01-21 04:41 - 01450312 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
2015-01-24 19:34 - 2015-01-21 04:41 - 00205128 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll
2015-01-24 19:34 - 2015-01-21 04:41 - 10864456 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3672898365-1647074900-201637474-500 - Administrator - Disabled)
AZi-PC (S-1-5-21-3672898365-1647074900-201637474-1000 - Administrator - Enabled) => C:\Users\AZi-PC
Gast (S-1-5-21-3672898365-1647074900-201637474-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3672898365-1647074900-201637474-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2015 10:20:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_4.109.exe, Version: 4.1.0.9, Zeitstempel: 0x54c366b9
Name des fehlerhaften Moduls: adwcleaner_4.109.exe, Version: 4.1.0.9, Zeitstempel: 0x54c366b9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f09e
ID des fehlerhaften Prozesses: 0x1340
Startzeit der fehlerhaften Anwendung: 0xadwcleaner_4.109.exe0
Pfad der fehlerhaften Anwendung: adwcleaner_4.109.exe1
Pfad des fehlerhaften Moduls: adwcleaner_4.109.exe2
Berichtskennung: adwcleaner_4.109.exe3

Error: (01/24/2015 09:02:42 PM) (Source: VSS) (EventID: 12310) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{20e48e70-a3f3-11e4-bb06-806e6f6e6963} - 0000000000000120,0x0053c010,00000000002FF1D0,0,00000000003001E0,4096,[0]).


Vorgang:
   Schattenkopien werden übertragen

Kontext:
   Ausführungskontext: System Provider

Error: (01/24/2015 07:49:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/24/2015 07:49:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/24/2015 07:49:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/24/2015 07:49:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/24/2015 07:49:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/24/2015 07:49:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/24/2015 07:49:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/24/2015 07:49:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.


System errors:
=============
Error: (01/25/2015 10:49:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 10:49:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 10:49:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 10:49:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 10:49:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 10:48:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 10:48:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 10:48:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 10:48:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 10:48:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ColorMedia" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (01/24/2015 10:20:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: adwcleaner_4.109.exe4.1.0.954c366b9adwcleaner_4.109.exe4.1.0.954c366b9c00000050001f09e134001d0381b0afe5587C:\Users\AZi-PC\Downloads\adwcleaner_4.109.exeC:\Users\AZi-PC\Downloads\adwcleaner_4.109.execdd08aa3-a40e-11e4-b2ae-0015af079dfa

Error: (01/24/2015 09:02:42 PM) (Source: VSS) (EventID: 12310) (User: )
Description: DeviceIoControl(\\?\Volume{20e48e70-a3f3-11e4-bb06-806e6f6e6963} - 0000000000000120,0x0053c010,00000000002FF1D0,0,00000000003001E0,4096,[0])

Vorgang:
   Schattenkopien werden übertragen

Kontext:
   Ausführungskontext: System Provider

Error: (01/24/2015 07:49:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/24/2015 07:49:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/24/2015 07:49:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/24/2015 07:49:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/24/2015 07:49:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/24/2015 07:49:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/24/2015 07:49:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/24/2015 07:49:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Percentage of memory in use: 35%
Total physical RAM: 4094.49 MB
Available physical RAM: 2635.29 MB
Total Pagefile: 8187.13 MB
Available Pagefile: 6141 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.28 GB) (Free:97.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 117.4 GB) (Disk ID: D0947A02)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================