
Log analysis and evaluation: Buzzdock virus, Windows 7: MBAM, AdwCleaner, JRT, ESET already run

08.02.2015, 23:36   #1
Katharina_14
 
Hello everyone,

I seem to have caught the Buzzdock virus on my laptop. My boyfriend downloaded a YouTube converter program and apparently landed us with this nasty virus in the process.
Pop-ups open constantly, and in Google search results the results from "Buzzdock" are listed at the top. No page can be opened under "normal" conditions any more. I am also constantly redirected to various other pages without any direct action on my part.

I have already done the following:

1. Uninstalled all recently installed programs via the Control Panel
2. Ran the antivirus program Avira
3. Ran CCleaner

Since the virus was unfortunately still not removed after that, I looked for help here in the forum. As described, I ran:

1. MBAM
2. AdwCleaner
3. JRT
4. ESET

I have also attached the reports from each program as described. Unfortunately ESET did not generate a report, but the program could not find any dangerous files.

I really hope that someone can help me.

Thank you in advance.

Best regards
Katharina

08.02.2015, 23:58   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hi and

Please do not attach logs; if necessary, split them and post them across several posts

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for a single post, I ask you to post the logs directly and, if necessary, spread over several posts.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

09.02.2015, 07:41   #3
Katharina_14
 
Hi cosinus,

thank you very much for your quick reply. Below you will find the log files.

Malware:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 08.02.2015 19:05:52, SYSTEM, USER-NB, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 08.02.2015 19:05:52, SYSTEM, USER-NB, Manual, Rootkit Database, 2014.11.18.1, 2015.2.3.1, 
Protection, 08.02.2015 19:05:57, SYSTEM, USER-NB, Protection, Malware Protection, Starting, 
Protection, 08.02.2015 19:05:57, SYSTEM, USER-NB, Protection, Malware Protection, Started, 
Protection, 08.02.2015 19:05:57, SYSTEM, USER-NB, Protection, Malicious Website Protection, Starting, 
Update, 08.02.2015 19:05:59, SYSTEM, USER-NB, Manual, Malware Database, 2014.11.20.6, 2015.2.8.5, 
Protection, 08.02.2015 19:05:59, SYSTEM, USER-NB, Protection, Refresh, Starting, 
Protection, 08.02.2015 19:06:34, SYSTEM, USER-NB, Protection, Malicious Website Protection, Started, 
Protection, 08.02.2015 19:06:34, SYSTEM, USER-NB, Protection, Malicious Website Protection, Stopping, 
Protection, 08.02.2015 19:06:34, SYSTEM, USER-NB, Protection, Malicious Website Protection, Stopped, 
Protection, 08.02.2015 19:06:50, SYSTEM, USER-NB, Protection, Refresh, Success, 
Protection, 08.02.2015 19:06:51, SYSTEM, USER-NB, Protection, Malicious Website Protection, Starting, 
Protection, 08.02.2015 19:06:51, SYSTEM, USER-NB, Protection, Malicious Website Protection, Started, 
Detection, 08.02.2015 19:07:16, SYSTEM, USER-NB, Protection, Malicious Website Protection, IP, 80.252.188.229, 52024, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 08.02.2015 19:07:16, SYSTEM, USER-NB, Protection, Malicious Website Protection, IP, 80.252.188.229, 52024, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 08.02.2015 19:07:17, SYSTEM, USER-NB, Protection, Malicious Website Protection, IP, 80.252.188.229, 52025, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 08.02.2015 19:08:30, SYSTEM, USER-NB, Protection, Malicious Website Protection, IP, 80.252.188.228, d9ae99824.se, 52147, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 08.02.2015 19:08:31, SYSTEM, USER-NB, Protection, Malicious Website Protection, IP, 80.252.188.228, d9ae99824.se, 52148, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 08.02.2015 19:08:31, SYSTEM, USER-NB, Protection, Malicious Website Protection, IP, 80.252.188.228, d9ae99824.se, 52147, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Scan, 08.02.2015 19:43:22, SYSTEM, USER-NB, Manual, Start: % 1 "% 2", Dauer: % 1 min 34 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 6 Malwareerkennung, 172-Malwareerkennung, 
Protection, 08.02.2015 19:50:57, SYSTEM, USER-NB, Protection, Malware Protection, Starting, 
Protection, 08.02.2015 19:50:57, SYSTEM, USER-NB, Protection, Malware Protection, Started, 
Protection, 08.02.2015 19:50:58, SYSTEM, USER-NB, Protection, Malicious Website Protection, Starting, 
Protection, 08.02.2015 19:52:46, SYSTEM, USER-NB, Protection, Malicious Website Protection, Started, 

(end)
         

AdwCleaner:

Code:
Shortcut Cleaner 1.3.4 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 02/08/2015 08:44:11 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\User\Desktop


0 bad shortcuts found.

Program finished at: 02/08/2015 08:44:12 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)
         

JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by User on 08.02.2015 at 20:32:49,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111611150}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111611150}



~~~ Files

Successfully deleted: [File] "C:\Users\User\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\User\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\User\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{13AA9AC5-BCF8-4407-AA3A-CFF6EFD70A78}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{1DA0388F-914D-4E69-8A44-4C80707C7613}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{DCE08AB9-C313-4F96-8004-E81BD4A5324F}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{FBB0340D-746C-4863-A824-AA1820C26596}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.02.2015 at 20:40:50,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

09.02.2015, 09:43   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website)

__________________
Please always post log files in CODE tags

09.02.2015, 19:31   #5
Katharina_14
 
Hi cosinus,

here is the FRST log file:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by User (administrator) on USER-NB on 09-02-2015 19:24:49
Running from C:\Users\User\Downloads
Loaded Profiles: User &  (Available profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Installer Service\LxInstallerService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2015-02-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Run: [EPSON SX420W Series] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE [224768 2013-02-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Run: [Epson Stylus SX420W(Netzwerk)] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE [224768 2013-02-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Run: [SFTray] => C:\Users\User\AppData\Local\SuperFast\tray\sftrayicon.exe
HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-04] (Spotify Ltd)
HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\MountPoints2: {94860e43-c212-11e3-8292-c485080b55c6} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\MountPoints2: {a478dfdd-39e5-11e4-b05f-e8039aad9601} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1365210169-2043555165-912279061-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-1365210169-2043555165-912279061-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPSON SX420W Series] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE [224768 2013-02-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1365210169-2043555165-912279061-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Epson Stylus SX420W(Netzwerk)] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE [224768 2013-02-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1365210169-2043555165-912279061-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SFTray] => C:\Users\User\AppData\Local\SuperFast\tray\sftrayicon.exe
HKU\S-1-5-21-1365210169-2043555165-912279061-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-1365210169-2043555165-912279061-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-04] (Spotify Ltd)
HKU\S-1-5-21-1365210169-2043555165-912279061-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {94860e43-c212-11e3-8292-c485080b55c6} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1365210169-2043555165-912279061-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a478dfdd-39e5-11e4-b05f-e8039aad9601} - D:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1365210169-2043555165-912279061-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKU\S-1-5-21-1365210169-2043555165-912279061-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a802c9ez.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.6.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Avira Browser Safety - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a802c9ez.default\Extensions\abs@avira.com [2015-02-04]
FF Extension: Garmin Communicator - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a802c9ez.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-07-21]
FF Extension: JavaScript Debugger - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a802c9ez.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2012-12-05]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-27]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a802c9ez.default\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www%2Cgoogle.de/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-05]
CHR Extension: (Facebook) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2013-03-05]
CHR Extension: (Gmail offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-03-05]
CHR Extension: (Avira Browserschutz) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-18]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKU\S-1-5-21-1365210169-2043555165-912279061-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2015-02-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2015-02-08] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193536 2012-02-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 Lexware Installations Dienst; C:\Program Files (x86)\lexware\installer service\LxInstallerService.exe [24064 2012-10-07] (Haufe-Lexware GmbH & Co. KG) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2015-02-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2015-02-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-07] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 19:24 - 2015-02-09 19:25 - 00022433 _____ () C:\Users\User\Downloads\FRST.txt
2015-02-09 19:24 - 2015-02-09 19:24 - 00000000 ____D () C:\FRST
2015-02-09 19:22 - 2015-02-09 19:23 - 02132992 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-02-09 07:41 - 2015-02-09 07:41 - 00001781 _____ () C:\Users\User\Downloads\JRT (2).txt
2015-02-09 07:40 - 2015-02-09 07:40 - 00001790 _____ () C:\Users\User\Downloads\sc-cleaner (1).txt
2015-02-09 07:37 - 2015-02-09 07:37 - 00003098 _____ () C:\Users\User\Downloads\mbam (2).txt
2015-02-08 23:36 - 2015-02-08 23:36 - 00001781 _____ () C:\Users\User\Downloads\JRT (1).txt
2015-02-08 23:35 - 2015-02-08 23:35 - 00003098 _____ () C:\Users\User\Downloads\mbam (1).txt
2015-02-08 23:35 - 2015-02-08 23:35 - 00001790 _____ () C:\Users\User\Downloads\sc-cleaner.txt
2015-02-08 21:55 - 2015-02-08 21:55 - 00028330 _____ () C:\Users\User\Downloads\AdwCleaner[S0].txt
2015-02-08 21:55 - 2015-02-08 21:55 - 00003098 _____ () C:\Users\User\Downloads\mbam.txt
2015-02-08 21:55 - 2015-02-08 21:55 - 00001781 _____ () C:\Users\User\Downloads\JRT.txt
2015-02-08 20:49 - 2015-02-08 20:49 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-08 20:45 - 2015-02-08 20:46 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_deu.exe
2015-02-08 20:44 - 2015-02-08 20:44 - 00001790 _____ () C:\sc-cleaner.txt
2015-02-08 20:43 - 2015-02-08 20:43 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\User\Downloads\sc-cleaner.exe
2015-02-08 20:40 - 2015-02-08 20:40 - 00001781 _____ () C:\Users\User\Desktop\JRT.txt
2015-02-08 20:32 - 2015-02-08 20:32 - 01388274 _____ (Thisisu) C:\Users\User\Downloads\JRT (1).exe
2015-02-08 20:30 - 2015-02-08 20:31 - 01388274 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2015-02-08 20:14 - 2010-03-02 18:14 - 00038224 ____N (CANON INC.) C:\windows\SysWOW64\IJRMF.exe
2015-02-08 20:00 - 2015-02-08 20:06 - 00000000 ____D () C:\AdwCleaner
2015-02-08 19:59 - 2015-02-08 19:59 - 02112512 _____ () C:\Users\User\Downloads\AdwCleaner_4.110.exe
2015-02-08 19:57 - 2015-02-08 19:57 - 00003098 _____ () C:\mbam.txt
2015-02-08 19:48 - 2015-02-08 19:48 - 00000368 _____ () C:\windows\PFRO.log
2015-02-08 19:05 - 2015-02-09 07:34 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 19:05 - 2015-02-08 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-08 19:05 - 2015-02-08 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-08 19:05 - 2015-02-08 19:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-08 19:05 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-08 19:05 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-08 19:05 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-08 19:03 - 2015-02-08 19:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-08 14:45 - 2015-02-08 20:07 - 00000551 _____ () C:\windows\setupact.log
2015-02-08 14:45 - 2015-02-08 14:45 - 00000000 _____ () C:\windows\setuperr.log
2015-02-08 14:37 - 2012-03-14 11:49 - 02212176 _____ (ELAN Microelectronics Corp.) C:\windows\ETDUninst.dll
2015-02-08 09:46 - 2015-02-08 09:46 - 00003774 _____ () C:\windows\System32\Tasks\Lexware-Online-Aktualisierungsprogramm
2015-02-08 09:46 - 2015-02-08 09:46 - 00003704 _____ () C:\windows\System32\Tasks\Java Update Scheduler
2015-02-05 18:00 - 2015-02-05 18:00 - 00001405 _____ () C:\Users\User\FreeYTVDownloader.xml
2015-02-05 18:00 - 2015-02-05 18:00 - 00000008 _____ () C:\Users\User\FreeYTVDownloader.xml.lck
2015-02-05 18:00 - 2015-02-05 18:00 - 00000000 ____D () C:\Users\User\Desktop\ISTANBUL
2015-02-04 06:54 - 2015-02-04 06:53 - 40103885 _____ () C:\Users\User\Downloads\Istanbul Club Reina.mp4
2015-02-04 06:48 - 2015-02-08 13:40 - 00000238 _____ () C:\Users\User\updhelper.xml
2015-02-04 06:48 - 2015-02-04 06:48 - 00000008 _____ () C:\Users\User\updhelper.xml.lck
2015-02-04 06:48 - 2015-02-04 06:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\TuneUp Software
2015-02-04 06:48 - 2015-02-04 06:48 - 00000000 ____D () C:\Users\User\AppData\Local\TuneUp Software
2015-02-04 06:46 - 2015-02-08 09:46 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-04 06:46 - 2015-02-04 06:49 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-04 06:45 - 2015-02-08 13:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\DVDVideoSoft
2015-02-04 06:44 - 2015-02-04 06:44 - 03533024 _____ (DVDVideoSoft Ltd. ) C:\Users\User\Downloads\FreeYouTube53Download.exe
2015-02-04 06:40 - 2015-02-04 06:41 - 127379880 _____ () C:\Users\User\Downloads\Landung - Groß.m4v
2015-02-02 20:54 - 2015-02-02 20:54 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-26 21:03 - 2015-02-08 13:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-13 21:07 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 21:07 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-13 21:07 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-13 21:07 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-13 21:06 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 21:06 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-13 21:06 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-13 21:06 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-13 21:06 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-13 21:06 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-13 21:06 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-13 21:06 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-13 21:06 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-11 17:36 - 2015-01-11 17:36 - 00006913 _____ () C:\Users\User\Downloads\Praxis Fechner Zeugnis eigen.odt
2015-01-10 10:44 - 2015-01-10 10:44 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 19:18 - 2012-11-07 16:32 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-09 19:18 - 2012-11-07 15:57 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{D99212E1-08C3-47C2-8035-3402CA755C95}
2015-02-09 19:17 - 2012-09-06 08:36 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 19:17 - 2012-04-12 09:46 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-02-08 22:15 - 2012-11-07 16:32 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 20:25 - 2012-12-29 22:35 - 00000000 ____D () C:\Program Files (x86)\Lexware
2015-02-08 20:25 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\Help
2015-02-08 20:23 - 2014-01-26 14:58 - 00000000 ____D () C:\Program Files (x86)\SQL Anywhere 12
2015-02-08 20:23 - 2012-12-29 22:35 - 00000000 ____D () C:\ProgramData\Lexware
2015-02-08 20:18 - 2009-07-14 05:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 20:18 - 2009-07-14 05:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 20:16 - 2012-04-12 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-02-08 20:15 - 2012-09-22 13:53 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-02-08 20:14 - 2012-04-13 01:55 - 00699666 _____ () C:\windows\system32\perfh007.dat
2015-02-08 20:14 - 2012-04-13 01:55 - 00149774 _____ () C:\windows\system32\perfc007.dat
2015-02-08 20:14 - 2009-07-14 06:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-08 20:11 - 2012-09-26 11:15 - 00000000 ___RD () C:\Users\User\Dropbox
2015-02-08 20:11 - 2012-09-26 11:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-02-08 20:09 - 2013-04-19 18:42 - 00000000 ____D () C:\Users\User\AppData\Local\HTC MediaHub
2015-02-08 20:09 - 2012-11-07 16:35 - 00000000 ___RD () C:\Users\User\Google Drive
2015-02-08 20:07 - 2012-04-12 09:46 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-02-08 20:07 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-08 20:06 - 2012-04-13 01:41 - 01150934 _____ () C:\windows\WindowsUpdate.log
2015-02-08 19:50 - 2012-10-14 21:13 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-02-08 14:36 - 2012-04-12 09:54 - 00000000 ____D () C:\ProgramData\WildTangent
2015-02-08 14:36 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-08 14:34 - 2012-04-12 09:47 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-02-08 14:34 - 2012-04-12 09:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-08 14:32 - 2012-04-12 09:47 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-02-08 14:13 - 2012-08-16 11:19 - 00113936 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-08 14:11 - 2009-07-14 05:45 - 00423336 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-08 13:57 - 2013-05-22 12:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-02-08 13:47 - 2013-06-26 20:14 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2015-02-08 13:43 - 2012-12-29 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-02-08 09:46 - 2013-04-19 18:40 - 00000000 ____D () C:\Users\User\AppData\Local\Downloaded Installations
2015-02-08 09:46 - 2012-09-26 11:12 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-08 09:46 - 2012-09-07 15:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\HpUpdate
2015-02-08 09:46 - 2012-09-03 21:29 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2015-02-08 09:46 - 2012-08-28 20:57 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Help
2015-02-08 09:36 - 2011-02-11 20:57 - 00000000 ____D () C:\windows\Panther
2015-02-08 09:26 - 2013-08-05 12:27 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2015-02-08 09:26 - 2013-08-05 12:26 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-02-08 09:26 - 2013-08-05 12:26 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2015-02-07 10:03 - 2013-03-05 12:05 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-06 06:48 - 2012-09-06 08:36 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 06:48 - 2012-09-06 08:36 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 06:48 - 2012-09-06 08:36 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-03 22:10 - 2012-11-07 16:32 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-03 22:10 - 2012-11-07 16:32 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-02 20:54 - 2014-08-17 12:32 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-02 20:54 - 2013-08-05 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-02 20:53 - 2013-08-05 12:26 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-29 19:24 - 2012-11-07 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-18 19:21 - 2013-07-24 08:18 - 00000000 ____D () C:\windows\system32\MRT
2015-01-18 19:05 - 2012-08-17 11:01 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-18 17:52 - 2013-02-08 13:23 - 03725312 _____ () C:\Users\User\AppData\Local\wnc.db
2015-01-18 17:52 - 2013-02-08 13:23 - 00037745 _____ () C:\Users\User\Documents\WriteNCite.trace.log
2015-01-17 09:25 - 2013-02-08 13:23 - 01298339 _____ () C:\Users\User\AppData\Local\wnc.log.0
2015-01-17 09:24 - 2013-02-08 13:23 - 00000000 _____ () C:\Users\User\AppData\Local\wnc.log.0.lck

==================== Files in the root of some directories =======

2012-08-16 11:18 - 2012-08-16 11:19 - 0000046 _____ () C:\Users\User\AppData\Roaming\AbsoluteReminder.xml
2013-02-08 13:23 - 2015-01-18 17:52 - 3725312 _____ () C:\Users\User\AppData\Local\wnc.db
2013-02-08 13:23 - 2015-01-17 09:25 - 1298339 _____ () C:\Users\User\AppData\Local\wnc.log.0
2013-02-16 13:44 - 2013-08-22 15:51 - 0006129 _____ () C:\Users\User\AppData\Local\wnc.log.0.1
2013-02-16 13:44 - 2013-08-22 15:49 - 0000000 _____ () C:\Users\User\AppData\Local\wnc.log.0.1.lck
2013-02-08 13:23 - 2015-01-17 09:24 - 0000000 _____ () C:\Users\User\AppData\Local\wnc.log.0.lck
2013-02-08 13:23 - 2013-02-08 13:23 - 0000440 _____ () C:\Users\User\AppData\Local\wnc.properties
2012-09-03 17:59 - 2012-09-03 17:59 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
2012-09-07 15:16 - 2013-07-17 12:29 - 0006419 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprnfiah.dll
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpykfo5q.dll
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\uninst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-08 18:46

==================== End Of Log ============================
         
--- --- ---



Addition Logfile:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by User at 2015-02-09 19:26:47
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5016 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1365210169-2043555165-912279061-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Druckerdeinstallation für EPSON SX420W Series (HKLM\...\EPSON SX420W Series) (Version:  - SEIKO EPSON Corporation)
Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.2.4 - Samsung Electronics CO., LTD.)
Easy Migration (HKLM-x32\...\{EDE7A262-DB20-4432-A630-2ACEE186C416}) (Version: 1.0 - Samsung Electronics CO., LTD.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Easy Software Manager (HKLM-x32\...\{DE256D8B-D971-456D-BC02-CB64DA24F115}) (Version: 1.2.17.12 - Samsung Electronics CO., LTD.)
Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.23 - Samsung Electronics CO., LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
Fast Flash Sleep Resume (x32 Version: 1.0.19 - Samsung) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.1.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{5002C5B1-B688-474A-AB3A-9B65DBD38FF9}) (Version: 2.0.52.0 - HTC)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{520C4DD4-2BC7-409B-BA48-E1A4F832662D}) (Version: 2.1.0.0140 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 7 Update 6 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417006FF}) (Version: 7.0.60 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexware Installations Dienst (HKLM-x32\...\{2388A683-06AA-4A2E-96B1-65E557E53D1D}) (Version: 2.00.00.0036 - Haufe-Lexware GmbH & Co.KG)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B0-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM-x32\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{79A2C6E8-C727-4D12-B4B3-19790C181DEA}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{C3525BF7-3698-4CD3-A8C3-69BD6F57BA3B}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia POP (HKLM-x32\...\{89515152-B92C-4E1C-8274-AD897985DE9F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.2.6 - Samsung Electronics CO., LTD.)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
Spotify (HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spotify (HKU\S-1-5-21-1365210169-2043555165-912279061-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
TAXMAN 2013 (HKLM-x32\...\{F289D934-2224-473B-B57E-0040D2693F83}) (Version: 19.07.00.0004 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2014 (HKLM-x32\...\{4A1C559D-38F6-49CF-BDA5-CF354FFE04E4}) (Version: 20.04.00.0003 - Haufe-Lexware GmbH & Co.KG)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{5EE414DC-70E2-47F4-B60D-5C3316A1DA0A}) (Version: 1.2 - )
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1365210169-2043555165-912279061-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365210169-2043555165-912279061-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365210169-2043555165-912279061-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365210169-2043555165-912279061-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365210169-2043555165-912279061-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365210169-2043555165-912279061-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365210169-2043555165-912279061-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365210169-2043555165-912279061-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365210169-2043555165-912279061-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

03-02-2015 22:21:14 Windows Update
07-02-2015 10:12:19 Windows Update
08-02-2015 13:37:54 TuneUp Utilities 2014 wird entfernt
08-02-2015 13:39:24 TuneUp Utilities 2014 (de-DE) wird entfernt
08-02-2015 13:42:22 Removed TAXMAN 2012.
08-02-2015 13:47:40 Removed IBM SPSS Statistics 20.
08-02-2015 13:49:22 Removed IBM SPSS Statistics 20.
08-02-2015 13:54:23 Removed Cuttermaran 1.70
08-02-2015 13:55:03 Removed iTunes
08-02-2015 13:58:00 Removed QuickTime
08-02-2015 13:59:31 Removed Apple Application Support
08-02-2015 14:00:34 Removed Geosense for Windows
08-02-2015 14:02:29 Removed Write-N-Cite.
08-02-2015 14:04:41 Removed Absolute Reminder
08-02-2015 14:06:31 Removed ExpressCache.
08-02-2015 14:33:27 Removed Realtek Ethernet Controller Driver
08-02-2015 20:15:39 Removed User Guide
08-02-2015 20:17:36 Removed Lexware Datenbank plus 2013.
08-02-2015 20:20:50 Removed Lexware reisekosten plus 2013.
08-02-2015 20:23:59 Removed Lexware Info Service.
08-02-2015 20:25:01 Removed Lexware online banking.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {114B90F0-AF00-4E9D-886F-6E6576AEFDAE} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-04-03] (Samsung Electronics Co., Ltd.)
Task: {14F500A4-AB0F-4383-BCDE-626C640B8D30} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-01-31] (Samsung Electronics Co., Ltd.)
Task: {177075BE-C15C-487D-A9D7-456F7456C931} - System32\Tasks\{55CFD477-4871-4EDF-9DB1-CBC2076BA24E} => pcalua.exe -a C:\Users\User\Downloads\epson374999eu.exe -d C:\Users\User\Downloads
Task: {36519359-8423-4BD2-803F-B65CD1A2A622} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {394CB7D7-0799-47DC-BB41-8602BCE8E2A7} - System32\Tasks\FFSRConfigurer => C:\Program Files (x86)\Samsung\Fast Flash Sleep Resume\FFSRConfigurer.exe [2012-03-29] (Samsung)
Task: {396B284D-BF7D-4D14-AFCF-1458610B1F47} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {3A4472E3-7891-47B9-B6BC-D89493ABDF07} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {3E7C3E55-C7CB-465C-A8C3-BFA114EE0F2B} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {41ADF3CC-A9EE-4806-A9DB-AF8340F82B1F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {45441369-69EA-47A1-B088-17AC1D4143B8} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2012-04-19] (Samsung Electronics CO., LTD.)
Task: {564DA579-EFE2-45ED-9376-B71944ABB078} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {6133C906-F3A7-4516-A3C2-4E1DC899CE84} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {6D1338E0-FA4A-45FE-8440-7E8D5D139866} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {7888AEAF-5DF1-4CE6-96FB-3F73393102CA} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-02-06] (Intel)
Task: {78E67463-45A0-4923-B9E0-F2498E20F626} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7B5A0EB6-C526-4E20-95C4-6655C556F840} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-16] (CyberLink)
Task: {84104818-BFE6-4B07-AE43-B246AC1CE493} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-07] (Google Inc.)
Task: {8EDDEB03-1F82-4047-87AA-AD1BF4553B06} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {A56A400A-E53D-41E9-BD5D-3EBEC2C10DC7} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2012-04-06] (Samsung Electronics CO., LTD.)
Task: {AB5704FF-8788-4C87-948D-1FECF4F84A88} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-19] (Piriform Ltd)
Task: {ACD3B2E8-5AB1-42D6-9785-BD2C2B54E8B4} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: {AD37742E-776F-4715-B947-FBEDA4E43F2E} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: {C41B4925-F8C4-4D2D-9F7E-DBA4490821BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-07] (Google Inc.)
Task: {CA174AFB-6101-4330-8297-8B2464BC5473} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-01-28] (SEC)
Task: {CC9B7305-AAA6-434F-93B6-721F22635CEC} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D2C96A0F-34AB-4A4A-8C98-1E68F7CC9D43} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {DA025B60-3345-4668-B805-CC6C99EC2F2D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {DA27D27A-D373-4D51-9417-5D419E1CEA12} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {E694B5B1-68BF-4AE0-A4B4-6E854DC440E8} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) ==============

2012-04-12 09:45 - 2012-02-08 03:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2013-04-03 12:29 - 2013-04-03 12:29 - 00169312 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2012-12-07 17:27 - 2012-12-07 17:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2012-04-12 10:03 - 2012-02-13 07:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2013-04-03 12:26 - 2013-04-03 12:26 - 00030056 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-04-03 12:27 - 2013-04-03 12:27 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-04-03 12:28 - 2013-04-03 12:28 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-04-03 12:28 - 2013-04-03 12:28 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-04-03 12:29 - 2013-04-03 12:29 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-04-03 12:37 - 2013-04-03 12:37 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2012-04-12 10:03 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2012-04-12 10:03 - 2011-02-16 17:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-08 20:09 - 2015-02-08 20:09 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprnfiah.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-08 20:08 - 2015-02-08 20:08 - 00098816 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\win32api.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00110080 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\pywintypes27.dll
2015-02-08 20:08 - 2015-02-08 20:08 - 00364544 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\pythoncom27.dll
2015-02-08 20:08 - 2015-02-08 20:08 - 00045568 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\_socket.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 01160704 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\_ssl.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00320512 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\win32com.shell.shell.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00713216 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\_hashlib.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 01175040 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\wx._core_.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00805888 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\wx._gdi_.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00811008 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\wx._windows_.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 01062400 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\wx._controls_.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00735232 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\wx._misc_.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00557056 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\pysqlite2._sqlite.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00128512 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\_elementtree.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00127488 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\pyexpat.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00087552 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\_ctypes.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00119808 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\win32file.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00108544 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\win32security.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00007168 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\hashobjs_ext.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00167936 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\win32gui.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00018432 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\win32event.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00038912 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\win32inet.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00011264 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\win32crypt.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00070656 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\wx._html2.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00027136 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\_multiprocessing.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00035840 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\win32process.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00686080 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\unicodedata.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00122368 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\wx._wizard.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00024064 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\win32pipe.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00025600 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\win32pdh.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00525640 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\windows._lib_cacheinvalidation.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00010240 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\select.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00017408 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\win32profile.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00022528 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\win32ts.pyd
2015-02-08 20:08 - 2015-02-08 20:08 - 00078336 _____ () C:\Users\User\AppData\Local\Temp\_MEI26962\wx._animate.pyd
2012-04-12 09:53 - 2011-09-08 11:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2012-04-12 09:45 - 2012-02-08 02:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-02-07 10:03 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-07 10:03 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-07 10:03 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1365210169-2043555165-912279061-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1365210169-2043555165-912279061-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BLEServicesCtrl => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: com.apple.dav.bookmarks.daemon => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Spotify => "C:\Users\User\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1365210169-2043555165-912279061-500 - Administrator - Disabled)
Gast (S-1-5-21-1365210169-2043555165-912279061-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1365210169-2043555165-912279061-1004 - Limited - Enabled)
User (S-1-5-21-1365210169-2043555165-912279061-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2015 07:23:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/08/2015 11:22:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/08/2015 11:22:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/08/2015 11:22:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/08/2015 11:21:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/08/2015 11:21:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (02/09/2015 07:33:54 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht.

Error: (02/08/2015 08:56:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (08/16/2013 03:24:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20895 seconds with 2940 seconds of active time.  This session ended with a crash.

Error: (08/16/2013 11:05:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4890 seconds with 3000 seconds of active time.  This session ended with a crash.

Error: (08/13/2013 09:59:39 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6407 seconds with 4320 seconds of active time.  This session ended with a crash.

Error: (08/05/2013 00:21:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13010 seconds with 2460 seconds of active time.  This session ended with a crash.

Error: (04/27/2013 08:04:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 27137 seconds with 10500 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 61%
Total physical RAM: 5925.54 MB
Available physical RAM: 2274.79 MB
Total Pagefile: 11849.25 MB
Available Pagefile: 7605.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:442.4 GB) (Free:347.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 97B4250C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=442.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=23.3 GB) - (Type=27)

========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=17.9 GB) - (Type=73)
Partition 2: (Not Active) - (Size=4.5 GB) - (Type=84)

==================== End Of Log ============================
         
Many thanks & best regards

Katharina


09.02.2015, 21:35   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please note for the future:
Quote:
Running from C:\Users\User\Downloads
Unfortunately you did not follow our instructions correctly:
Please download all tools directly to the desktop, or move them there, and run them from the desktop, since our instructions are written for that.
It also makes it very easy to remove all the tools used once the cleanup is finished.
Leave all tools on the desktop until the cleanup is finished; we may need some of them more than once.



Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!
Please completely disable your virus scanner now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties.)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box).


Old 09.02.2015, 22:38   #7
Katharina_14
 



Hello cosinus,

oh dear, it looks like I did everything wrong. Sorry about that, and thank you very much for your patience!

Attached is the (hopefully) correct log file:

AdwCleaner:

Code:
# AdwCleaner v4.110 - Bericht erstellt 09/02/2015 um 22:05:46
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-09.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : User - USER-NB
# Gestarted von : C:\Users\User\Desktop\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v


-\\ Google Chrome v40.0.2214.111


*************************

AdwCleaner[R0].txt - [27635 Bytes] - [08/02/2015 20:00:46]
AdwCleaner[R1].txt - [1470 Bytes] - [09/02/2015 22:01:52]
AdwCleaner[S0].txt - [28330 Bytes] - [08/02/2015 20:05:53]
AdwCleaner[S1].txt - [1392 Bytes] - [09/02/2015 22:05:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1451  Bytes] ##########
         
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by User on 09.02.2015 at 22:18:36,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\User\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\User\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.02.2015 at 22:28:58,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by User (administrator) on USER-NB on 09-02-2015 22:34:33
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Installer Service\LxInstallerService.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Thisisu) C:\Users\User\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2015-02-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Run: [EPSON SX420W Series] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE [224768 2013-02-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Run: [Epson Stylus SX420W(Netzwerk)] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE [224768 2013-02-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Run: [SFTray] => C:\Users\User\AppData\Local\SuperFast\tray\sftrayicon.exe
HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-04] (Spotify Ltd)
HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\MountPoints2: {94860e43-c212-11e3-8292-c485080b55c6} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\MountPoints2: {a478dfdd-39e5-11e4-b05f-e8039aad9601} - D:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1365210169-2043555165-912279061-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a802c9ez.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.6.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Avira Browser Safety - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a802c9ez.default\Extensions\abs@avira.com [2015-02-04]
FF Extension: Garmin Communicator - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a802c9ez.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-07-21]
FF Extension: JavaScript Debugger - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a802c9ez.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2012-12-05]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-27]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a802c9ez.default\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www%2Cgoogle.de/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-05]
CHR Extension: (Facebook) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2013-03-05]
CHR Extension: (Gmail offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-03-05]
CHR Extension: (Avira Browserschutz) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-18]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2015-02-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2015-02-08] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193536 2012-02-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 Lexware Installations Dienst; C:\Program Files (x86)\lexware\installer service\LxInstallerService.exe [24064 2012-10-07] (Haufe-Lexware GmbH & Co. KG) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2015-02-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2015-02-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-07] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 22:34 - 2015-02-09 22:35 - 00020487 _____ () C:\Users\User\Desktop\FRST.txt
2015-02-09 22:31 - 2015-02-09 22:31 - 02132992 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-02-09 22:28 - 2015-02-09 22:28 - 00000922 _____ () C:\Users\User\Desktop\JRT.txt
2015-02-09 22:15 - 2015-02-09 22:16 - 01388274 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2015-02-09 21:58 - 2015-02-09 21:58 - 02112512 _____ () C:\Users\User\Desktop\AdwCleaner_4.110.exe
2015-02-09 19:24 - 2015-02-09 22:34 - 00000000 ____D () C:\FRST
2015-02-08 20:44 - 2015-02-08 20:44 - 00001790 _____ () C:\sc-cleaner.txt
2015-02-08 20:00 - 2015-02-09 22:05 - 00000000 ____D () C:\AdwCleaner
2015-02-08 19:57 - 2015-02-08 19:57 - 00003098 _____ () C:\mbam.txt
2015-02-08 19:48 - 2015-02-09 22:06 - 00001402 _____ () C:\windows\PFRO.log
2015-02-08 19:05 - 2015-02-09 22:12 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 19:05 - 2015-02-08 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-08 19:05 - 2015-02-08 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-08 19:05 - 2015-02-08 19:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-08 19:05 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-08 19:05 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-08 19:05 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-08 14:45 - 2015-02-09 22:07 - 00000607 _____ () C:\windows\setupact.log
2015-02-08 14:45 - 2015-02-08 14:45 - 00000000 _____ () C:\windows\setuperr.log
2015-02-08 14:37 - 2012-03-14 11:49 - 02212176 _____ (ELAN Microelectronics Corp.) C:\windows\ETDUninst.dll
2015-02-08 09:46 - 2015-02-08 09:46 - 00003774 _____ () C:\windows\System32\Tasks\Lexware-Online-Aktualisierungsprogramm
2015-02-08 09:46 - 2015-02-08 09:46 - 00003704 _____ () C:\windows\System32\Tasks\Java Update Scheduler
2015-02-05 18:00 - 2015-02-05 18:00 - 00001405 _____ () C:\Users\User\FreeYTVDownloader.xml
2015-02-05 18:00 - 2015-02-05 18:00 - 00000008 _____ () C:\Users\User\FreeYTVDownloader.xml.lck
2015-02-05 18:00 - 2015-02-05 18:00 - 00000000 ____D () C:\Users\User\Desktop\ISTANBUL
2015-02-04 06:48 - 2015-02-08 13:40 - 00000238 _____ () C:\Users\User\updhelper.xml
2015-02-04 06:48 - 2015-02-04 06:48 - 00000008 _____ () C:\Users\User\updhelper.xml.lck
2015-02-04 06:48 - 2015-02-04 06:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\TuneUp Software
2015-02-04 06:48 - 2015-02-04 06:48 - 00000000 ____D () C:\Users\User\AppData\Local\TuneUp Software
2015-02-04 06:46 - 2015-02-08 09:46 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-04 06:46 - 2015-02-04 06:49 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-04 06:45 - 2015-02-08 13:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\DVDVideoSoft
2015-01-26 21:03 - 2015-02-08 13:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-13 21:07 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 21:07 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-13 21:07 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-13 21:07 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-13 21:06 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 21:06 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-13 21:06 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-13 21:06 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-13 21:06 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-13 21:06 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-13 21:06 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-13 21:06 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-13 21:06 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-10 10:44 - 2015-01-10 10:44 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 22:18 - 2009-07-14 05:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 22:18 - 2009-07-14 05:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 22:15 - 2012-11-07 16:32 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-09 22:15 - 2012-11-07 16:32 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 22:15 - 2012-04-13 01:55 - 00699666 _____ () C:\windows\system32\perfh007.dat
2015-02-09 22:15 - 2012-04-13 01:55 - 00149774 _____ () C:\windows\system32\perfc007.dat
2015-02-09 22:15 - 2009-07-14 06:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-09 22:13 - 2014-08-17 12:32 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-09 22:13 - 2013-08-05 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-09 22:13 - 2013-08-05 12:26 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-09 22:12 - 2012-11-07 16:35 - 00000000 ___RD () C:\Users\User\Google Drive
2015-02-09 22:12 - 2012-09-26 11:15 - 00000000 ___RD () C:\Users\User\Dropbox
2015-02-09 22:12 - 2012-09-26 11:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-02-09 22:09 - 2013-04-19 18:42 - 00000000 ____D () C:\Users\User\AppData\Local\HTC MediaHub
2015-02-09 22:07 - 2012-04-12 09:46 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-02-09 22:07 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-09 22:06 - 2012-04-13 01:41 - 01180815 _____ () C:\windows\WindowsUpdate.log
2015-02-09 21:44 - 2012-09-06 08:36 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 20:15 - 2014-12-19 08:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-09 19:18 - 2012-11-07 15:57 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{D99212E1-08C3-47C2-8035-3402CA755C95}
2015-02-09 19:17 - 2012-04-12 09:46 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-02-08 20:25 - 2012-12-29 22:35 - 00000000 ____D () C:\Program Files (x86)\Lexware
2015-02-08 20:25 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\Help
2015-02-08 20:23 - 2014-01-26 14:58 - 00000000 ____D () C:\Program Files (x86)\SQL Anywhere 12
2015-02-08 20:23 - 2012-12-29 22:35 - 00000000 ____D () C:\ProgramData\Lexware
2015-02-08 20:16 - 2012-04-12 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-02-08 20:15 - 2012-09-22 13:53 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-02-08 19:50 - 2012-10-14 21:13 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-02-08 14:36 - 2012-04-12 09:54 - 00000000 ____D () C:\ProgramData\WildTangent
2015-02-08 14:36 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-08 14:34 - 2012-04-12 09:47 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-02-08 14:34 - 2012-04-12 09:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-08 14:32 - 2012-04-12 09:47 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-02-08 14:13 - 2012-08-16 11:19 - 00113936 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-08 14:11 - 2009-07-14 05:45 - 00423336 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-08 13:57 - 2013-05-22 12:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-02-08 13:47 - 2013-06-26 20:14 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2015-02-08 13:43 - 2012-12-29 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-02-08 09:46 - 2013-04-19 18:40 - 00000000 ____D () C:\Users\User\AppData\Local\Downloaded Installations
2015-02-08 09:46 - 2012-09-26 11:12 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-08 09:46 - 2012-09-07 15:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\HpUpdate
2015-02-08 09:46 - 2012-09-03 21:29 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2015-02-08 09:46 - 2012-08-28 20:57 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Help
2015-02-08 09:36 - 2011-02-11 20:57 - 00000000 ____D () C:\windows\Panther
2015-02-08 09:26 - 2013-08-05 12:27 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2015-02-08 09:26 - 2013-08-05 12:26 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-02-08 09:26 - 2013-08-05 12:26 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2015-02-07 10:03 - 2013-03-05 12:05 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-06 06:48 - 2012-09-06 08:36 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 06:48 - 2012-09-06 08:36 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 06:48 - 2012-09-06 08:36 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-03 22:10 - 2012-11-07 16:32 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-03 22:10 - 2012-11-07 16:32 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-29 19:24 - 2012-11-07 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-18 19:21 - 2013-07-24 08:18 - 00000000 ____D () C:\windows\system32\MRT
2015-01-18 19:05 - 2012-08-17 11:01 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-18 17:52 - 2013-02-08 13:23 - 03725312 _____ () C:\Users\User\AppData\Local\wnc.db
2015-01-18 17:52 - 2013-02-08 13:23 - 00037745 _____ () C:\Users\User\Documents\WriteNCite.trace.log
2015-01-17 09:25 - 2013-02-08 13:23 - 01298339 _____ () C:\Users\User\AppData\Local\wnc.log.0
2015-01-17 09:24 - 2013-02-08 13:23 - 00000000 _____ () C:\Users\User\AppData\Local\wnc.log.0.lck

==================== Files in the root of some directories =======

2012-08-16 11:18 - 2012-08-16 11:19 - 0000046 _____ () C:\Users\User\AppData\Roaming\AbsoluteReminder.xml
2013-02-08 13:23 - 2015-01-18 17:52 - 3725312 _____ () C:\Users\User\AppData\Local\wnc.db
2013-02-08 13:23 - 2015-01-17 09:25 - 1298339 _____ () C:\Users\User\AppData\Local\wnc.log.0
2013-02-16 13:44 - 2013-08-22 15:51 - 0006129 _____ () C:\Users\User\AppData\Local\wnc.log.0.1
2013-02-16 13:44 - 2013-08-22 15:49 - 0000000 _____ () C:\Users\User\AppData\Local\wnc.log.0.1.lck
2013-02-08 13:23 - 2015-01-17 09:24 - 0000000 _____ () C:\Users\User\AppData\Local\wnc.log.0.lck
2013-02-08 13:23 - 2013-02-08 13:23 - 0000440 _____ () C:\Users\User\AppData\Local\wnc.properties
2012-09-03 17:59 - 2012-09-03 17:59 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
2012-09-07 15:16 - 2013-07-17 12:29 - 0006419 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa8ludy.dll
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl2pm5v.dll
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-08 18:46

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by User at 2015-02-09 22:35:26
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5016 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Druckerdeinstallation für EPSON SX420W Series (HKLM\...\EPSON SX420W Series) (Version:  - SEIKO EPSON Corporation)
Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.2.4 - Samsung Electronics CO., LTD.)
Easy Migration (HKLM-x32\...\{EDE7A262-DB20-4432-A630-2ACEE186C416}) (Version: 1.0 - Samsung Electronics CO., LTD.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Easy Software Manager (HKLM-x32\...\{DE256D8B-D971-456D-BC02-CB64DA24F115}) (Version: 1.2.17.12 - Samsung Electronics CO., LTD.)
Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.23 - Samsung Electronics CO., LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
Fast Flash Sleep Resume (x32 Version: 1.0.19 - Samsung) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.1.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{5002C5B1-B688-474A-AB3A-9B65DBD38FF9}) (Version: 2.0.52.0 - HTC)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{520C4DD4-2BC7-409B-BA48-E1A4F832662D}) (Version: 2.1.0.0140 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 7 Update 6 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417006FF}) (Version: 7.0.60 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexware Installations Dienst (HKLM-x32\...\{2388A683-06AA-4A2E-96B1-65E557E53D1D}) (Version: 2.00.00.0036 - Haufe-Lexware GmbH & Co.KG)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B0-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM-x32\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{79A2C6E8-C727-4D12-B4B3-19790C181DEA}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{C3525BF7-3698-4CD3-A8C3-69BD6F57BA3B}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia POP (HKLM-x32\...\{89515152-B92C-4E1C-8274-AD897985DE9F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.2.6 - Samsung Electronics CO., LTD.)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
Spotify (HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
TAXMAN 2013 (HKLM-x32\...\{F289D934-2224-473B-B57E-0040D2693F83}) (Version: 19.07.00.0004 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2014 (HKLM-x32\...\{4A1C559D-38F6-49CF-BDA5-CF354FFE04E4}) (Version: 20.04.00.0003 - Haufe-Lexware GmbH & Co.KG)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{5EE414DC-70E2-47F4-B60D-5C3316A1DA0A}) (Version: 1.2 - )
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1365210169-2043555165-912279061-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365210169-2043555165-912279061-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365210169-2043555165-912279061-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365210169-2043555165-912279061-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365210169-2043555165-912279061-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365210169-2043555165-912279061-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365210169-2043555165-912279061-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365210169-2043555165-912279061-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365210169-2043555165-912279061-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

03-02-2015 22:21:14 Windows Update
07-02-2015 10:12:19 Windows Update
08-02-2015 13:37:54 TuneUp Utilities 2014 wird entfernt
08-02-2015 13:39:24 TuneUp Utilities 2014 (de-DE) wird entfernt
08-02-2015 13:42:22 Removed TAXMAN 2012.
08-02-2015 13:47:40 Removed IBM SPSS Statistics 20.
08-02-2015 13:49:22 Removed IBM SPSS Statistics 20.
08-02-2015 13:54:23 Removed Cuttermaran 1.70
08-02-2015 13:55:03 Removed iTunes
08-02-2015 13:58:00 Removed QuickTime
08-02-2015 13:59:31 Removed Apple Application Support
08-02-2015 14:00:34 Removed Geosense for Windows
08-02-2015 14:02:29 Removed Write-N-Cite.
08-02-2015 14:04:41 Removed Absolute Reminder
08-02-2015 14:06:31 Removed ExpressCache.
08-02-2015 14:33:27 Removed Realtek Ethernet Controller Driver
08-02-2015 20:15:39 Removed User Guide
08-02-2015 20:17:36 Removed Lexware Datenbank plus 2013.
08-02-2015 20:20:50 Removed Lexware reisekosten plus 2013.
08-02-2015 20:23:59 Removed Lexware Info Service.
08-02-2015 20:25:01 Removed Lexware online banking.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {114B90F0-AF00-4E9D-886F-6E6576AEFDAE} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-04-03] (Samsung Electronics Co., Ltd.)
Task: {14F500A4-AB0F-4383-BCDE-626C640B8D30} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-01-31] (Samsung Electronics Co., Ltd.)
Task: {177075BE-C15C-487D-A9D7-456F7456C931} - System32\Tasks\{55CFD477-4871-4EDF-9DB1-CBC2076BA24E} => pcalua.exe -a C:\Users\User\Downloads\epson374999eu.exe -d C:\Users\User\Downloads
Task: {36519359-8423-4BD2-803F-B65CD1A2A622} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {394CB7D7-0799-47DC-BB41-8602BCE8E2A7} - System32\Tasks\FFSRConfigurer => C:\Program Files (x86)\Samsung\Fast Flash Sleep Resume\FFSRConfigurer.exe [2012-03-29] (Samsung)
Task: {396B284D-BF7D-4D14-AFCF-1458610B1F47} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {3A4472E3-7891-47B9-B6BC-D89493ABDF07} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {3E7C3E55-C7CB-465C-A8C3-BFA114EE0F2B} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {41ADF3CC-A9EE-4806-A9DB-AF8340F82B1F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {45441369-69EA-47A1-B088-17AC1D4143B8} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2012-04-19] (Samsung Electronics CO., LTD.)
Task: {564DA579-EFE2-45ED-9376-B71944ABB078} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {6133C906-F3A7-4516-A3C2-4E1DC899CE84} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {6D1338E0-FA4A-45FE-8440-7E8D5D139866} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {7888AEAF-5DF1-4CE6-96FB-3F73393102CA} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-02-06] (Intel)
Task: {78E67463-45A0-4923-B9E0-F2498E20F626} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7B5A0EB6-C526-4E20-95C4-6655C556F840} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-16] (CyberLink)
Task: {84104818-BFE6-4B07-AE43-B246AC1CE493} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-07] (Google Inc.)
Task: {8EDDEB03-1F82-4047-87AA-AD1BF4553B06} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {A56A400A-E53D-41E9-BD5D-3EBEC2C10DC7} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2012-04-06] (Samsung Electronics CO., LTD.)
Task: {AB5704FF-8788-4C87-948D-1FECF4F84A88} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-19] (Piriform Ltd)
Task: {ACD3B2E8-5AB1-42D6-9785-BD2C2B54E8B4} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: {AD37742E-776F-4715-B947-FBEDA4E43F2E} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: {C41B4925-F8C4-4D2D-9F7E-DBA4490821BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-07] (Google Inc.)
Task: {CA174AFB-6101-4330-8297-8B2464BC5473} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-01-28] (SEC)
Task: {CC9B7305-AAA6-434F-93B6-721F22635CEC} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D2C96A0F-34AB-4A4A-8C98-1E68F7CC9D43} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {DA025B60-3345-4668-B805-CC6C99EC2F2D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {DA27D27A-D373-4D51-9417-5D419E1CEA12} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {E694B5B1-68BF-4AE0-A4B4-6E854DC440E8} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) ==============

2012-04-12 09:45 - 2012-02-08 03:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2013-04-03 12:29 - 2013-04-03 12:29 - 00169312 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2012-12-07 17:27 - 2012-12-07 17:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2012-04-12 10:03 - 2012-02-13 07:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2011-08-15 12:12 - 2011-08-15 12:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2011-08-15 12:15 - 2011-08-15 12:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 08:41 - 2011-08-17 08:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 08:48 - 2011-08-17 08:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-11-25 05:29 - 2011-11-25 05:29 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-15 12:12 - 2011-08-15 12:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-17 08:48 - 2011-08-17 08:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 11:23 - 2011-08-15 11:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2011-11-25 05:28 - 2011-11-25 05:28 - 00484352 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2011-11-25 05:42 - 2011-11-25 05:42 - 00499976 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2011-11-25 05:26 - 2011-11-25 05:26 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2013-04-03 12:26 - 2013-04-03 12:26 - 00030056 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-04-03 12:27 - 2013-04-03 12:27 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-04-03 12:28 - 2013-04-03 12:28 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-04-03 12:28 - 2013-04-03 12:28 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-04-03 12:29 - 2013-04-03 12:29 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-04-03 12:37 - 2013-04-03 12:37 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2012-04-12 10:03 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2012-04-12 10:03 - 2011-02-16 17:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-09 22:09 - 2015-02-09 22:09 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa8ludy.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-09 22:08 - 2015-02-09 22:08 - 00098816 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\win32api.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00110080 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\pywintypes27.dll
2015-02-09 22:08 - 2015-02-09 22:08 - 00364544 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\pythoncom27.dll
2015-02-09 22:08 - 2015-02-09 22:08 - 00045568 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\_socket.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 01160704 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\_ssl.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00320512 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\win32com.shell.shell.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00713216 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\_hashlib.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 01175040 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\wx._core_.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00805888 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\wx._gdi_.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00811008 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\wx._windows_.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 01062400 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\wx._controls_.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00735232 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\wx._misc_.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00557056 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\pysqlite2._sqlite.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00128512 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\_elementtree.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00127488 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\pyexpat.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00087552 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\_ctypes.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00119808 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\win32file.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00108544 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\win32security.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00007168 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\hashobjs_ext.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00167936 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\win32gui.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00018432 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\win32event.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00038912 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\win32inet.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00011264 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\win32crypt.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00070656 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\wx._html2.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00027136 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\_multiprocessing.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00035840 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\win32process.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00686080 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\unicodedata.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00122368 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\wx._wizard.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00024064 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\win32pipe.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00025600 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\win32pdh.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00525640 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\windows._lib_cacheinvalidation.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00010240 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\select.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00017408 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\win32profile.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00022528 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\win32ts.pyd
2015-02-09 22:08 - 2015-02-09 22:08 - 00078336 _____ () C:\Users\User\AppData\Local\Temp\_MEI28042\wx._animate.pyd
2012-04-12 09:53 - 2011-09-08 11:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2012-04-12 09:45 - 2012-02-08 02:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-02-07 10:03 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-07 10:03 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-07 10:03 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1365210169-2043555165-912279061-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BLEServicesCtrl => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: com.apple.dav.bookmarks.daemon => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Spotify => "C:\Users\User\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1365210169-2043555165-912279061-500 - Administrator - Disabled)
Gast (S-1-5-21-1365210169-2043555165-912279061-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1365210169-2043555165-912279061-1004 - Limited - Enabled)
User (S-1-5-21-1365210169-2043555165-912279061-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (08/16/2013 03:24:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20895 seconds with 2940 seconds of active time.  This session ended with a crash.

Error: (08/16/2013 11:05:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4890 seconds with 3000 seconds of active time.  This session ended with a crash.

Error: (08/13/2013 09:59:39 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6407 seconds with 4320 seconds of active time.  This session ended with a crash.

Error: (08/05/2013 00:21:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13010 seconds with 2460 seconds of active time.  This session ended with a crash.

Error: (04/27/2013 08:04:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 27137 seconds with 10500 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 34%
Total physical RAM: 5925.54 MB
Available physical RAM: 3908.78 MB
Total Pagefile: 11849.25 MB
Available Pagefile: 9050.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:442.4 GB) (Free:347.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 97B4250C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=442.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=23.3 GB) - (Type=27)

========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=17.9 GB) - (Type=73)
Partition 2: (Not Active) - (Size=4.5 GB) - (Type=84)

==================== End Of Log ============================
         

Alt 09.02.2015, 22:57   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



FRST fix

Please disable your virus scanner completely now, to make sure the fix runs through cleanly!


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a802c9ez.default\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
EmptyTemp:
Hosts:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Please always post log files in CODE tags

Alt 09.02.2015, 23:07   #9
Katharina_14
 



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by User at 2015-02-09 23:05:49 Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a802c9ez.default\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] CHR HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} EmptyTemp: Hosts:
*****************

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

==== End of Fixlog 23:05:49 ====
         

Alt 09.02.2015, 23:09   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



You created the fixlist incorrectly: you squeezed everything into one line.
The fix will then not work as intended. Please do it again properly.
__________________
Please always post log files in CODE tags

Alt 09.02.2015, 23:24   #11
Katharina_14
 



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by User at 2015-02-09 23:12:38 Run:2
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a802c9ez.default\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
EmptyTemp:
Hosts:
         
*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a802c9ez.default\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
"HKU\S-1-5-21-1365210169-2043555165-912279061-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 460.5 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 23:12:59 ====
         

Alt 09.02.2015, 23:27   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now you evidently did not disable the virus scanner before the fix...
__________________
Please always post log files in CODE tags
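
The two things the helper flags in posts #10 and #12 can be read straight out of a Fixlog.txt: whether the echoed fixlist was collapsed onto one line, and which operations FRST reports it could not carry out. The following Python sketch is an added example, not part of the thread or of FRST; the directive prefixes and status phrases it knows are only those visible in the logs above, and the two sample logs are shortened from Run:1 and Run:2.

```python
import re
from collections import Counter

# Directive prefixes as they appear in the fixlist on this page;
# this is not a complete grammar of what FRST accepts.
DIRECTIVE = re.compile(r"SearchScopes:|FF Extension:|CHR HK|EmptyTemp:|Hosts:")
STARS = re.compile(r"^\*{5,}\s*$")


def split_fixlog(text):
    """Split a Fixlog into (echoed fixlist lines, result lines)."""
    fixlist, results, section = [], [], 0  # 0 = header, 1 = fixlist, 2 = results
    for line in text.splitlines():
        if STARS.match(line):
            section += 1
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if not line.strip():
            continue
        if section == 1:
            fixlist.append(line.strip())
        elif section >= 2:
            results.append(line.strip())
    return fixlist, results


def classify(result_line):
    """Map a result line to done / absent / failed / other.

    Only phrases seen in the logs above are recognised (assumption:
    other FRST versions may word their results differently)."""
    low = result_line.lower()
    if "could not" in low:
        return "failed"
    if "not found" in low:
        return "absent"
    if "successfully" in low or "=> removed" in low:
        return "done"
    return "other"


def audit(text):
    """Summarise one Fixlog: collapsed fixlist lines and failed operations."""
    fixlist, results = split_fixlog(text)
    collapsed = [l for l in fixlist if len(DIRECTIVE.findall(l)) > 1]
    counts = Counter(classify(r) for r in results)
    failed = [r for r in results if classify(r) == "failed"]
    return {"collapsed": len(collapsed), "counts": dict(counts), "failed": failed}


# Sample input, shortened from the Run:1 log above (fixlist pasted as one line).
RUN1 = r"""
Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  EmptyTemp: Hosts:
*****************

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

==== End of Fixlog 23:05:49 ====
"""

# Sample input, shortened from the Run:2 log above (hosts file could not be moved).
RUN2 = r"""
Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
EmptyTemp:
Hosts:
*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 460.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog 23:12:59 ====
"""

if __name__ == "__main__":
    for name, log in (("Run:1", RUN1), ("Run:2", RUN2)):
        print(name, audit(log))
```

A non-zero `collapsed` count means the fixlist has to be recreated with one entry per line; a non-empty `failed` list means the fix has to be repeated once whatever blocked those operations is out of the way.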

Alt 09.02.2015, 23:39   #13
Katharina_14
 



...

My concentration is apparently starting to slip. Sorry.

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by User at 2015-02-09 23:31:51 Run:3
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a802c9ez.default\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKU\S-1-5-21-1365210169-2043555165-912279061-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
EmptyTemp:
Hosts:
         
*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a802c9ez.default\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
"HKU\S-1-5-21-1365210169-2043555165-912279061-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => Key not found. 
"C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 33.2 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 23:32:05 ====
         

Alt 09.02.2015, 23:47   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



That's no problem at all

Okay, then control scans with MBAM and ESET, please:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan (Scannen), select the Threat Scan (Bedrohungssuchlauf) and click Start Scan (Suchlauf starten).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected (Auswahl entfernen).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application Logs (Anwendungsprotokolle).
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Ja, ich bin mit den Nutzungsbedingungen einverstanden" (Yes, I accept the terms of use) and click Start (Starten).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (detection of potentially unwanted applications) and choose the following settings.
  • Click Start (Starten).
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish (Fertig stellen).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

Alt 10.02.2015, 23:32   #15
Katharina_14
 



MBAM:

Code:
ATTFilter
QMalwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 10.02.2015
Suchlauf-Zeit: 07:42:45
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.10.06
Rootkit Datenbank: v2015.02.03.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: User

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 344277
Verstrichene Zeit: 30 Min, 20 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         


ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=24fc57d772ca974a85264c6a8b290b9c
# engine=22404
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-10 10:13:29
# local_time=2015-02-10 11:13:29 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 217743 168158587 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 85424 175236259 0 0
# scanned=199065
# found=0
# cleaned=0
# scan_time=12495
         
