Plagegeister aller Art und deren Bekämpfung: Chrome/Chromium: Öffnen mehrerer Tabs / Search-Conduit Startseite / Ask-Toolbar

Alt 16.02.2015, 09:00   #1
Chrome/Chromium: Öffnen mehrerer Tabs / Search-Conduit Startseite / Ask-Toolbar - Standard

Chrome/Chromium: Öffnen mehrerer Tabs / Search-Conduit Startseite / Ask-Toolbar

Hallo Zusammen,

nach Jahren der Aufmerksamkeit ist es passiert: Ich habe mir auf dem Chromium-Browser (zuvor Chrome, dort war es genau gleich) etwas eingefangen, das ich ohne fremde Hilfe nicht mehr los werde.

Wenn ich Chromium starte, werden 8-9 verschiedene Tabs geöffnet, darunter scheinbar ältere, die mal geöffnet waren, als auch die eigentlich von mir als Startseite angegebene Seite, als auch (gleich im ersten Tab) die Seite search-conduit.com, die dann nach 1 oder 2 Sekunden auf trovigo.com umgeleitet wird. Auf dieser Seite steht dann auch oben rechts "Ergebnisse ermittelt mit Aks-Toolbar".

Jetzt weiß ich nicht, ob ich mir tatsächlich auch die Ask-Toolbar eingefangen habe oder ob das ein grafisches Element dieser trovigo-Site ist. Denn bei den Browser-Erweiterungen finde ich weder die Ask-Toolbar noch irgendetwas mit "search conduit" oder "trovigo" im Namen!

Ich habe bereits Malwarebytes drüber laufen lassen, hat aber nichts gefunden. Es scheint sich auf dem Chrome/Chromium zu beschränken, im Firefox sieht alles normal aus.

Kann mir jemand helfen und mir eine Anleitung für die nächsten Schritte geben, bitte?

Vielen herzlichen Dank!


Alt 16.02.2015, 09:03   #2
/// the machine
/// TB-Ausbilder

Chrome/Chromium: Öffnen mehrerer Tabs / Search-Conduit Startseite / Ask-Toolbar - Standard

Chrome/Chromium: Öffnen mehrerer Tabs / Search-Conduit Startseite / Ask-Toolbar


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Alt 16.02.2015, 16:21   #3
Chrome/Chromium: Öffnen mehrerer Tabs / Search-Conduit Startseite / Ask-Toolbar - Standard

Scan FRST.txt

FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Bianca (administrator) on ACERNOTEBOOK on 16-02-2015 09:11:21
Running from C:\Users\Bianca\Downloads
Loaded Profiles: Bianca (Available profiles: Bianca)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(AVM GmbH) C:\Program Files (x86)\FRITZ!Powerline\PowerlineService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(The Chromium Authors) C:\Users\Bianca\AppData\Local\Chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\Bianca\AppData\Local\Chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\Bianca\AppData\Local\Chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\Bianca\AppData\Local\Chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\Bianca\AppData\Local\Chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\Bianca\AppData\Local\Chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\Bianca\AppData\Local\Chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\Bianca\AppData\Local\Chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\Bianca\AppData\Local\Chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\Bianca\AppData\Local\Chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\Bianca\AppData\Local\Chromium\Application\chrome.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016432 2013-03-07] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [333712 2012-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-01-24] ( (Atheros Communications))
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [404080 2014-06-12] (CyberGhost S.R.L.)
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\...\MountPoints2: {25b1ff5a-35b4-11e4-be88-a4db304279f9} - "D:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\...\MountPoints2: {ec3db3bf-b51a-11e4-bea0-a4db304279f9} - "E:\AutoRun.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164568 2015-01-10] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2634663036-1839342411-3565475702-1002 -> {7DFA3630-0A26-423A-BB4C-0101F29E4D9B} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: No Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} ->  No File
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer]

FF ProfilePath: C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Extension: ColorZilla - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2014-10-24]
FF Extension: Add to Amazon Wish List Button - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\amznUWL2@amazon.com.xpi [2014-08-03]
FF Extension: LEOs Dictionaries - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\contextMenuExtension@leo.org.xpi [2014-10-30]
FF Extension: Integrated Google Calendar - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\intgcal@egarracingteam.com.ar.xpi [2014-08-04]
FF Extension: Vlc Kontextmenü - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\vlcplaylist@helgatauscher.de.xpi [2014-10-01]
FF Extension: Screengrab  (fix version) - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2014-09-07]
FF Extension: Leo Search - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\{c666c018-6409-4479-afa3-68e4129e7eff}.xpi [2014-10-30]
FF Extension: Adblock Plus - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-04]
FF Extension: DownThemAll! - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-08-04]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files\McAfee\MSK [2013-08-02]

CHR HomePage: Profile 1 -> hxxp://fritz.box/
CHR StartupUrls: Profile 1 -> "hxxp://search.conduit.com/?ctid=CT3319402&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP49211F28-4E79-4E02-ABF6-EFAC322B14C9&SSPV=", "hxxp://www.computerbase.de/forum/showthread.php?t=672421", "hxxp://productforums.google.com/forum/#!topic/chrome-de/-IEipyir7s0", "https://productforums.google.com/forum/?fromgroups=#!topic/chrome-de/-IEipyir7s0", "hxxp://forum.chip.de/router-modem/internetabbrueche-1704573-page2.html", "hxxp://forum.chip.de/dsl-w-lan-lan/w-lan-ominoese-internetabbrueche-trotz-guter-verbindung-1511768.html", "hxxp://www.google.de/"
CHR DefaultSearchKeyword: Profile 1 -> startpage.com_
CHR DefaultSearchURL: Profile 1 -> https://startpage.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=deutsch
CHR DefaultSuggestURL: Profile 1 -> https://startpage.com/cgi-bin/csuggest?output=json&pl=chrome&lang=deutsch&query={searchTerms}
CHR Profile: C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-08]
CHR Extension: (Google Drive) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]
CHR Extension: (YouTube) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-08]
CHR Extension: (Google-Suche) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-08]
CHR Extension: (Google Wallet) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
CHR Extension: (Google Mail) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-08]
CHR Profile: C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-22]
CHR Extension: (Google Drive) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-29]
CHR Extension: (Global Map) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\biabadelbimllanaekjkipoflfdpihba [2014-06-22]
CHR Extension: (YouTube) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-22]
CHR Extension: (Google Cast) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-06-22]
CHR Extension: (Webseiten-Screenshot - Webpage Screenshot) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-06-22]
CHR Extension: (Google-Suche) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-22]
CHR Extension: (FullContact (beta)) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ddgjmcgnlpnolanedjohjkfelpmepiob [2014-06-22]
CHR Extension: (Awesome Color Picker) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flkdgmgdgnpdecpaaoggnbjcdmbnagbj [2014-06-22]
CHR Extension: (HTTPS Everywhere) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-06-22]
CHR Extension: (AdBlock) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-22]
CHR Extension: (Drive Notepad) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpgjomejfimnbmobcocilppikhncegaj [2014-06-22]
CHR Extension: (feedly) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2014-06-22]
CHR Extension: (Disconnect Search) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2014-06-22]
CHR Extension: (Google Play Music) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2014-06-22]
CHR Extension: (Disconnect) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-06-22]
CHR Extension: (Evernote Web) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-06-22]
CHR Extension: (Google Wallet) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-22]
CHR Extension: (chromeIPass) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ompiailgknfdndiefoaoiligalphfdae [2014-06-22]
CHR Extension: (cronsync) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbngjmgfclegmldmnjbfbgpphbaakjnk [2014-06-22]
CHR Extension: (Page Monitor) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-06-22]
CHR Extension: (Google Mail) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-22]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-01-24] (Windows (R) Win 7 DDK provider)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 AVMPowerlineService; C:\Program Files (x86)\FRITZ!Powerline\PowerlineService.exe [139264 2014-05-21] (AVM GmbH) [File not signed]
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1335344 2014-01-23] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [856112 2014-01-23] (pdfforge GmbH)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881984 2014-01-06] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 BrSerId; C:\Windows\system32\DRIVERS\BrSerId.sys [290816 2012-03-27] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\system32\DRIVERS\BrUsbSer.sys [14720 2011-07-18] (Brother Industries Ltd.) [File not signed]
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-07] (Synaptics Incorporated)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 09:11 - 2015-02-16 09:11 - 00025654 _____ () C:\Users\Bianca\Downloads\FRST.txt
2015-02-16 09:11 - 2015-02-16 09:11 - 00000000 ____D () C:\FRST
2015-02-16 09:10 - 2015-02-16 09:10 - 02085888 _____ (Farbar) C:\Users\Bianca\Downloads\FRST64.exe
2015-02-16 08:29 - 2015-02-16 08:29 - 00276372 _____ () C:\Users\Bianca\Downloads\ASK_Remover.zip
2015-02-16 08:29 - 2015-02-16 08:29 - 00000000 ____D () C:\Users\Bianca\Downloads\ASK_Remover
2015-02-16 08:25 - 2015-02-16 08:25 - 00002790 _____ () C:\WINDOWS\PFRO.log
2015-02-16 08:25 - 2015-02-16 08:25 - 00000077 _____ () C:\WINDOWS\setupact.log
2015-02-16 08:25 - 2015-02-16 08:25 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-16 08:18 - 2015-02-16 08:24 - 00000000 ____D () C:\AdwCleaner
2015-02-16 08:18 - 2015-02-16 08:18 - 02112512 _____ () C:\Users\Bianca\Downloads\adwcleaner_4.110.exe
2015-02-16 07:49 - 2015-02-16 07:49 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 07:49 - 2015-02-16 07:49 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-16 07:49 - 2015-02-16 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-16 07:49 - 2015-02-16 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-16 07:49 - 2015-02-16 07:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-16 07:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-16 07:49 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-16 07:49 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-16 07:46 - 2015-02-16 07:47 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Bianca\Downloads\mbam-setup-
2015-02-16 07:45 - 2015-02-16 07:45 - 00001288 _____ () C:\Users\Bianca\Desktop\Revo Uninstaller.lnk
2015-02-16 07:45 - 2015-02-16 07:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-16 07:44 - 2015-02-16 07:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bianca\Downloads\revosetup95.exe
2015-02-16 07:20 - 2015-02-16 08:17 - 00000000 ____D () C:\Users\Bianca\Documents\Anki
2015-02-16 07:20 - 2015-02-16 07:20 - 00000770 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2015-02-16 07:20 - 2015-02-16 07:20 - 00000758 _____ () C:\Users\Bianca\Desktop\Anki.lnk
2015-02-16 07:20 - 2015-02-16 07:20 - 00000000 ____D () C:\Program Files (x86)\Anki
2015-02-16 07:19 - 2015-02-16 07:20 - 23232740 _____ () C:\Users\Bianca\Downloads\anki-2.0.31.exe
2015-02-16 06:53 - 2015-02-16 06:53 - 00002774 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-02-16 06:53 - 2015-02-16 06:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-16 06:53 - 2015-02-16 06:53 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-16 06:52 - 2015-02-16 06:52 - 05325208 _____ (Piriform Ltd) C:\Users\Bianca\Downloads\ccsetup502.exe
2015-02-16 06:47 - 2015-02-16 06:47 - 00002332 _____ () C:\Users\Bianca\Desktop\Chromium.lnk
2015-02-16 06:47 - 2015-02-16 06:47 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium
2015-02-16 06:47 - 2015-02-16 06:47 - 00000000 ____D () C:\Users\Bianca\AppData\Local\Chromium
2015-02-16 06:46 - 2015-02-16 06:46 - 41162752 _____ (The Chromium Authors) C:\Users\Bianca\Downloads\chromium_setup.exe
2015-02-15 17:37 - 2015-02-15 17:37 - 00001187 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zotero Standalone.lnk
2015-02-15 17:37 - 2015-02-15 17:37 - 00001175 _____ () C:\Users\Public\Desktop\Zotero Standalone.lnk
2015-02-15 17:37 - 2015-02-15 17:37 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\Zotero
2015-02-15 17:37 - 2015-02-15 17:37 - 00000000 ____D () C:\Users\Bianca\AppData\Local\Zotero
2015-02-15 17:37 - 2015-02-15 17:37 - 00000000 ____D () C:\Program Files (x86)\Zotero Standalone
2015-02-15 17:24 - 2015-02-15 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2015-02-15 17:23 - 2015-02-15 17:24 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2015-02-15 17:19 - 2015-02-15 17:32 - 34662667 _____ () C:\Users\Bianca\Downloads\torbrowser-install-4.0.3_de.exe
2015-02-15 17:18 - 2015-02-15 17:20 - 225890304 _____ () C:\Users\Bianca\Downloads\LibreOffice_4.3.5_Win_x86.msi
2015-02-15 16:41 - 2015-02-15 16:41 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-02-15 16:41 - 2015-02-15 16:41 - 00001125 _____ () C:\Users\Bianca\Desktop\KeePass 2.lnk
2015-02-15 16:41 - 2015-02-15 16:41 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2015-02-15 16:13 - 2014-04-14 04:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2015-02-15 16:09 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-15 16:09 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-02-15 14:47 - 2015-02-15 16:44 - 00017278 _____ () C:\Users\Bianca\Documents\KeePassDatenbank_20141031.kdbx
2015-02-15 14:33 - 2015-02-15 14:39 - 00000000 ____D () C:\BIANCABENDER
2015-02-15 14:06 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-15 14:06 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-15 14:06 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-15 14:06 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-15 14:06 - 2014-11-17 21:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-02-15 14:06 - 2014-11-14 07:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-02-15 14:06 - 2014-11-14 07:46 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-02-15 14:06 - 2014-11-14 07:39 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-02-15 14:06 - 2014-11-14 05:53 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-02-15 14:06 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-15 14:06 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-15 14:06 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-15 14:06 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-15 14:06 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-15 14:06 - 2014-04-08 23:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2015-02-15 14:06 - 2014-04-08 23:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2015-02-15 14:06 - 2014-04-08 19:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2015-02-15 14:06 - 2014-04-08 19:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2015-02-15 14:05 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-15 14:05 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-15 14:05 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-15 14:05 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-15 14:05 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-15 14:05 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-15 14:05 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-15 14:05 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-15 14:05 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-15 14:05 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-15 14:05 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-15 14:05 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-15 14:05 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-15 14:05 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-15 14:05 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-15 14:05 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-15 14:05 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-15 14:05 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-15 14:05 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-15 14:05 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-15 14:05 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-15 14:05 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-15 14:05 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-15 14:05 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-15 14:05 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-15 14:05 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-15 14:05 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-15 14:05 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-15 14:05 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-15 14:05 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-15 14:05 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-15 14:05 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-15 14:05 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-15 14:05 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-15 14:05 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-15 14:05 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-15 14:05 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-15 14:05 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-15 14:05 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-15 14:05 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-15 14:05 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-15 14:05 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-15 14:05 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-15 14:05 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-15 14:05 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-15 14:05 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-15 14:05 - 2014-11-17 21:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-02-15 14:05 - 2014-11-15 20:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-02-15 14:05 - 2014-11-15 07:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-02-15 14:05 - 2014-11-14 15:36 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-02-15 14:05 - 2014-11-14 08:10 - 03558400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-02-15 14:05 - 2014-11-14 07:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-02-15 14:05 - 2014-11-14 07:58 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-02-15 14:05 - 2014-11-14 07:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-02-15 14:05 - 2014-11-14 07:57 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-02-15 14:05 - 2014-11-14 07:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-02-15 14:05 - 2014-11-14 07:54 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-02-15 14:05 - 2014-11-14 07:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-02-15 14:05 - 2014-11-14 07:53 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-02-15 14:05 - 2014-11-14 07:52 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-02-15 14:05 - 2014-11-14 06:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-02-15 14:05 - 2014-11-14 06:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-02-15 14:05 - 2014-11-14 06:03 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-02-15 14:05 - 2014-11-14 06:01 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-02-15 14:05 - 2014-11-14 06:01 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-02-15 14:05 - 2014-11-11 01:39 - 22290560 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-02-15 14:05 - 2014-11-11 01:17 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-02-15 14:05 - 2014-11-10 19:06 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-02-15 14:05 - 2014-11-10 19:06 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-02-15 14:05 - 2014-11-10 19:06 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-02-15 14:05 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-02-15 14:05 - 2014-11-10 03:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-02-15 14:05 - 2014-11-10 02:37 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-02-15 14:05 - 2014-11-10 02:34 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-02-15 14:05 - 2014-11-10 02:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-02-15 14:05 - 2014-11-10 02:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-02-15 14:05 - 2014-11-10 02:09 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-02-15 14:05 - 2014-11-10 02:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2015-02-15 14:05 - 2014-11-10 02:06 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-02-15 14:05 - 2014-11-10 01:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2015-02-15 14:05 - 2014-11-10 01:57 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-02-15 14:05 - 2014-11-08 11:42 - 01390928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-02-15 14:05 - 2014-11-08 11:23 - 01127976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-02-15 14:05 - 2014-11-08 05:00 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-02-15 14:05 - 2014-11-08 05:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2015-02-15 14:05 - 2014-11-08 04:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2015-02-15 14:05 - 2014-11-08 04:58 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-02-15 14:05 - 2014-11-08 04:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2015-02-15 14:05 - 2014-11-08 04:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2015-02-15 14:05 - 2014-11-08 04:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2015-02-15 14:05 - 2014-11-08 04:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2015-02-15 14:05 - 2014-11-08 04:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2015-02-15 14:05 - 2014-11-08 04:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2015-02-15 14:05 - 2014-11-08 04:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2015-02-15 14:05 - 2014-11-08 03:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2015-02-15 14:05 - 2014-11-08 03:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-02-15 14:05 - 2014-11-08 03:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-02-15 14:05 - 2014-11-08 03:09 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-02-15 14:05 - 2014-11-08 03:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-02-15 14:05 - 2014-11-08 02:59 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-02-15 14:05 - 2014-11-08 02:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-02-15 14:05 - 2014-11-08 02:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-02-15 14:05 - 2014-11-07 04:58 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-02-15 14:05 - 2014-11-07 04:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-02-15 14:05 - 2014-11-05 03:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2015-02-15 14:05 - 2014-11-05 03:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2015-02-15 14:05 - 2014-11-05 03:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-02-15 14:05 - 2014-11-05 02:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-02-15 14:05 - 2014-11-05 02:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-02-15 14:05 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-02-15 14:05 - 2014-11-05 02:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2015-02-15 14:05 - 2014-11-05 02:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2015-02-15 14:05 - 2014-11-05 02:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2015-02-15 14:05 - 2014-11-05 02:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-02-15 14:05 - 2014-11-05 02:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-02-15 14:05 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-02-15 14:05 - 2014-11-05 02:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-02-15 14:05 - 2014-11-05 02:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2015-02-15 14:05 - 2014-11-04 20:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-02-15 14:05 - 2014-11-04 20:25 - 00059712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-02-15 14:05 - 2014-11-04 20:25 - 00051008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-02-15 14:05 - 2014-11-04 07:55 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-02-15 14:05 - 2014-11-04 07:54 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-02-15 14:05 - 2014-11-04 07:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-02-15 14:05 - 2014-11-04 07:54 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-02-15 14:05 - 2014-11-04 07:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2015-02-15 14:05 - 2014-11-04 06:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-02-15 14:05 - 2014-10-31 01:51 - 18823168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-02-15 14:05 - 2014-10-31 01:10 - 15158784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-02-15 14:05 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-02-15 14:05 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-02-15 14:05 - 2014-10-29 04:05 - 00551232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-02-15 14:05 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-15 14:05 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-15 14:05 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-15 14:05 - 2014-10-29 02:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-02-15 14:05 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-15 14:05 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-15 14:05 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-15 14:05 - 2014-10-29 02:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2015-02-15 14:05 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-15 14:05 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-15 14:05 - 2014-10-26 23:10 - 00390841 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-15 14:05 - 2014-10-21 02:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2015-02-15 14:05 - 2014-10-21 02:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2015-02-15 14:05 - 2014-10-21 01:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-02-15 14:05 - 2014-10-21 01:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-02-15 14:05 - 2014-10-21 01:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2015-02-15 14:05 - 2014-10-21 01:30 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-02-15 14:05 - 2014-10-21 01:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-02-15 14:05 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-02-15 14:05 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-02-15 14:05 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-02-15 14:05 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-02-15 14:05 - 2014-10-17 05:56 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-02-15 14:05 - 2014-10-17 05:56 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-02-15 14:05 - 2014-10-17 05:56 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-02-15 14:05 - 2014-10-17 04:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-01-30 11:19 - 2015-02-15 13:55 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-01-30 11:19 - 2015-02-15 13:55 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-01-30 11:17 - 2015-01-10 00:30 - 06860432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-01-30 11:17 - 2015-01-10 00:30 - 03517256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-01-30 11:17 - 2015-01-10 00:29 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-01-30 11:17 - 2015-01-10 00:29 - 01097872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-01-30 11:17 - 2015-01-10 00:29 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-01-30 11:17 - 2015-01-10 00:29 - 00385352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-01-30 11:17 - 2015-01-10 00:29 - 00075080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-01-30 11:17 - 2015-01-10 00:29 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-01-30 11:17 - 2015-01-09 20:47 - 04173527 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-01-26 14:38 - 2015-01-10 09:07 - 32102544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 25459856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 24765584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 20465296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 18566296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 17250776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 16009120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 14115944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 13295552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 13210248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 10774544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 10714488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 10274448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-01-26 14:38 - 2015-01-10 09:07 - 03607184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 03298816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 03245712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 02902456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434725.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434725.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00994712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00969360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00942736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00929424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00906384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00877488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00496456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00399688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00390472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00353040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00345744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00305320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00177624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00164568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00031376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-01-26 14:38 - 2015-01-10 09:07 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-01-18 10:20 - 2015-01-18 10:24 - 00000650 _____ () C:\WINDOWS\wiso.ini
2015-01-18 10:15 - 2015-01-18 10:15 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\Buhl Data Service
2015-01-18 10:15 - 2015-01-18 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tax 2015
2015-01-18 10:07 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-18 10:07 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-18 10:07 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-18 10:07 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-18 10:07 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-18 10:07 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-18 10:07 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-18 10:07 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-18 10:07 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-18 10:07 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-18 10:07 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-18 10:07 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-18 10:07 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-18 10:07 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-18 10:07 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-18 10:07 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-18 10:07 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-18 10:07 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-18 10:07 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-18 10:07 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-18 10:07 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-18 10:07 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-18 10:07 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-18 10:07 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-18 10:07 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-18 10:07 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-18 10:07 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-18 10:07 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-18 10:07 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-18 10:07 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-18 10:07 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 09:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-16 08:52 - 2014-08-21 09:51 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-16 08:47 - 2014-05-05 16:56 - 02012308 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-16 08:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-16 08:25 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 08:22 - 2014-05-03 06:48 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2634663036-1839342411-3565475702-1002
2015-02-16 07:46 - 2013-09-30 16:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-16 07:40 - 2014-06-01 17:25 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\ClassicShell
2015-02-16 07:07 - 2014-06-02 14:48 - 00003328 _____ () C:\WINDOWS\System32\Tasks\PDF Architect 2
2015-02-16 07:01 - 2013-10-25 07:37 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\TeamViewer
2015-02-16 06:59 - 2014-05-12 14:50 - 00000000 ____D () C:\Users\Bianca\AppData\Local\CrashDumps
2015-02-16 06:59 - 2014-05-05 17:53 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-16 06:42 - 2014-05-05 16:55 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-02-16 06:42 - 2014-05-05 16:55 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-16 06:42 - 2014-05-05 16:55 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-16 06:42 - 2014-05-05 14:53 - 00000000 ____D () C:\Users\Bianca\AppData\Local\NVIDIA Corporation
2015-02-16 06:42 - 2014-05-05 14:52 - 00000000 ____D () C:\Users\Bianca\AppData\Local\NVIDIA
2015-02-16 06:38 - 2014-05-03 09:17 - 00000000 ____D () C:\Users\Bianca\AppData\Local\Google
2015-02-15 17:42 - 2013-08-22 15:44 - 04956176 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-15 17:42 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-15 17:14 - 2013-10-08 12:44 - 00000000 ____D () C:\Users\Bianca\Documents\Citavi 4
2015-02-15 16:48 - 2013-04-11 17:26 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\KeePass
2015-02-15 16:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-02-15 16:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-02-15 16:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-02-15 16:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-02-15 16:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-15 16:18 - 2014-05-05 07:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-15 16:14 - 2014-05-05 15:35 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-15 16:13 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-15 16:07 - 2014-03-18 11:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-15 16:07 - 2014-03-18 10:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-15 16:07 - 2014-03-18 10:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-15 16:06 - 2014-10-18 07:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-15 16:06 - 2014-10-18 07:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-15 16:06 - 2014-09-25 10:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-15 16:06 - 2014-05-05 14:40 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-15 16:05 - 2014-10-18 07:58 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-02-15 16:05 - 2014-10-18 07:58 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-02-15 16:05 - 2014-10-18 07:58 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-02-15 16:05 - 2014-10-18 07:58 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-02-15 15:52 - 2014-08-21 09:51 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-15 15:40 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 15:19 - 2013-05-12 11:00 - 00000132 _____ () C:\Users\Bianca\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-30 14:07 - 2013-08-08 15:12 - 00001456 _____ () C:\Users\Bianca\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2015-01-30 13:26 - 2014-05-03 09:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-30 13:25 - 2014-05-03 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-30 13:25 - 2014-05-03 09:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-30 11:18 - 2014-05-05 16:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-30 11:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help
2015-01-18 10:27 - 2014-01-14 08:05 - 00000000 ____D () C:\Users\Bianca\Documents\tax
2015-01-18 10:20 - 2014-05-04 14:41 - 00000000 ____D () C:\Users\Bianca\AppData\Local\Buhl
2015-01-18 10:15 - 2014-05-04 14:22 - 00000000 ____D () C:\Program Files (x86)\Buhl finance

==================== Files in the root of some directories =======

2013-06-10 18:06 - 2013-06-10 18:06 - 0000132 _____ () C:\Users\Bianca\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2013-05-12 11:00 - 2015-01-30 15:19 - 0000132 _____ () C:\Users\Bianca\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-07-21 17:00 - 2014-07-21 17:02 - 0000096 _____ () C:\Users\Bianca\AppData\Roaming\Camdata.ini
2014-07-21 17:00 - 2014-07-21 17:02 - 0000408 _____ () C:\Users\Bianca\AppData\Roaming\CamLayout.ini
2014-07-21 17:00 - 2014-07-21 17:02 - 0000408 _____ () C:\Users\Bianca\AppData\Roaming\CamShapes.ini
2014-07-21 17:00 - 2014-07-21 17:02 - 0004509 _____ () C:\Users\Bianca\AppData\Roaming\CamStudio.cfg
2014-04-15 17:59 - 2014-04-15 17:59 - 0000268 ___RH () C:\Users\Bianca\AppData\Roaming\Services
2013-12-15 12:46 - 2014-01-17 09:34 - 0000000 _____ () C:\Users\Bianca\AppData\Roaming\Specifications
2014-01-18 20:50 - 2014-02-12 13:21 - 0117381 ____H () C:\Users\Bianca\AppData\Roaming\sync.ffs_db
2013-08-08 15:12 - 2015-01-30 14:07 - 0001456 _____ () C:\Users\Bianca\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2014-11-06 11:31 - 2014-11-06 11:31 - 0000218 _____ () C:\Users\Bianca\AppData\Local\recently-used.xbel
2013-12-25 20:26 - 2013-12-25 20:26 - 0007629 _____ () C:\Users\Bianca\AppData\Local\Resmon.ResmonCfg
2014-01-18 21:30 - 2014-01-18 21:30 - 0296772 ____H () C:\Users\Bianca\AppData\Local\sync.ffs_db
2014-06-02 18:59 - 2014-06-02 18:59 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-09-30 16:59 - 2013-09-30 16:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-03 08:44 - 2012-10-24 20:44 - 0656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall2688720.exe

Files to move or delete:

Some content of TEMP:

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-16 08:23

==================== End Of Log ============================
FRST Logfile:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Bianca at 2015-02-16 09:12:27
Running from C:\Users\Bianca\Downloads
Boot Mode: Normal

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: - Igor Pavlov)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version:  - )
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: - Avira Operations & Co. KG)
Avira (x32 Version: - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: - Avira)
BeCyPDFMetaEdit (HKLM-x32\...\BeCyPDFMetaEdit) (Version: 2.37.0 - Benjamin Bentmann)
calibre 64bit (HKLM\...\{7A073C16-B3B5-4913-8457-262B6E17947A}) (Version: 2.5.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Chromium (HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\...\Chromium) (Version: 42.0.2306.0 - Chromium)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
EPUB Metadata Editor 1.3.13 (HKLM-x32\...\{C093DB2B-F7B8-4E5A-8E98-626F5486A44B}_is1) (Version:  - Ben Chenoweth)
FileZilla Client (HKLM-x32\...\FileZilla Client) (Version: - Tim Kosse)
FRITZ!Powerline (HKLM-x32\...\{F9C9378B-78D5-4CC0-8683-B7915DFEA9C5}) (Version: 01.00.65 - AVM Berlin)
GrampsAIO64 (HKLM-x32\...\GrampsAIO64) (Version: 3.4.8-1 - The GRAMPS project)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: - Hewlett-Packard)
HP Officejet Pro 8620 - Grundlegende Software für das Gerät (HKLM\...\{F6CE08BC-6929-412E-BB42-A9A7CD9721D7}) (Version: - Hewlett-Packard Co.)
HP Officejet Pro 8620 Hilfe (HKLM-x32\...\{F8E43C63-DFF2-4134-A46C-2A6F00517A35}) (Version: 32.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: - HP)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
LibreOffice (HKLM-x32\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: - The Document Foundation)
Malwarebytes Anti-Malware Version (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Nuance PDF Reader (HKLM-x32\...\{0017FFDB-F7F3-4058-BCDF-D9204CFBDCB2}) (Version: 8.10.1302 - Nuance Communications, Inc.)
NVIDIA Grafiktreiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
PDF Architect (HKLM-x32\...\{86D8A96B-1911-4C3F-AA16-0B47E053E492}) (Version: - pdfforge GmbH)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.25 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
tax 2015 (HKLM-x32\...\{4CF96070-DEE5-43B5-B6A7-23AC07BC0C77}) (Version: 22.00.8811 - Buhl Data Service GmbH)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Zotero Standalone 4.0.26 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.26 (x86 en-US)) (Version: 4.0.26 - Zotero)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2634663036-1839342411-3565475702-1002_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Bianca\AppData\Local\Chromium\Application\42.0.2306.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION

==================== Restore Points  =========================

06-11-2014 11:33:58 Removed Live Updater
10-12-2014 11:33:57 Geplanter Prüfpunkt
16-12-2014 08:12:49 Removed Duplicati (x64)
18-01-2015 10:05:32 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
30-01-2015 11:37:08 Windows Update
15-02-2015 15:36:09 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-05-12 10:31 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AAB60BF-8680-44ED-867E-E32A8CD50DDB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-15] (Adobe Systems Incorporated)
Task: {1B00C651-4115-43EF-A261-E008980E1879} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {203873C3-FED9-4778-97A6-BF40712DEAF3} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)
Task: {29913F00-F2B1-40BA-80CC-C71C05F28768} - System32\Tasks\HP AR Program Upload - c8db0aff26e344ba81f3361d29cba7e54e6eb4298a8a4e5c8c669fb03d1db3b0 => C:\Program Files\HP\HP Officejet Pro 8620\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {406E0C8E-9E66-462D-A109-984989044B8E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {55978534-B431-40B9-B617-1A2B70C31C3B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-15] (Microsoft Corporation)
Task: {79AD7EC0-56B1-43EF-86ED-CCBE81F94506} - System32\Tasks\AdobeAAMUpdater-1.0-AcerNotebook-Bianca => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {7A930001-29FE-4E21-8DDA-E3BA49C176AB} - System32\Tasks\PDF Architect 2 => C:\Program Files (x86)\PDF Architect 2\PDF Architect 2.exe
Task: {D727F8AA-67AA-401F-B38A-7B6A6D4AAAE8} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-04-26] (Acer Incorporate)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-30 11:17 - 2015-01-10 00:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-30 17:17 - 2013-02-20 21:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-01-24 02:24 - 2014-01-24 02:24 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-01-24 02:21 - 2014-01-24 02:21 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-24 02:27 - 2014-01-24 02:27 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-02-16 06:47 - 2015-02-16 03:49 - 01909248 _____ () C:\Users\Bianca\AppData\Local\Chromium\Application\42.0.2306.0\libglesv2.dll
2015-02-16 06:47 - 2015-02-16 03:49 - 00087040 _____ () C:\Users\Bianca\AppData\Local\Chromium\Application\42.0.2306.0\libegl.dll
2013-10-10 22:48 - 2013-10-10 22:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-09-30 16:34 - 2013-03-20 08:47 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-09-25 10:12 - 2015-02-15 16:06 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Bianca\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers:

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "AdobeCS5ServiceManager"
HKLM\...\StartupApproved\Run32: => "Nuance PDF Reader-reminder"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\...\StartupApproved\Run: => "CyberGhost"

==================== Accounts: =============================

Administrator (S-1-5-21-2634663036-1839342411-3565475702-500 - Administrator - Disabled)
Bianca (S-1-5-21-2634663036-1839342411-3565475702-1002 - Administrator - Enabled) => C:\Users\Bianca
Gast (S-1-5-21-2634663036-1839342411-3565475702-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
Error: (02/16/2015 06:42:08 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (02/15/2015 05:59:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WWAHost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1750

Startzeit: 01d04940a481bdb0

Endzeit: 4294967295

Anwendungspfad: C:\Windows\System32\WWAHost.exe

Berichts-ID: f754da73-b533-11e4-bea3-a4db304279f9

Vollständiger Name des fehlerhaften Pakets: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Windows.Store

Error: (02/15/2015 05:59:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: AcerNotebook)
Description: Das Paket „winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (02/15/2015 05:16:42 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (02/15/2015 05:16:42 PM) (Source: PerfNet) (EventID: 2004) (User: )

Error: (02/15/2015 05:16:42 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4

Error: (02/15/2015 05:16:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (02/15/2015 05:16:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4

Error: (02/15/2015 05:16:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (02/15/2015 04:34:53 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
   bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
   bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
   bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
   bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
   bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
   bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
   bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei S...

System errors:
Error: (02/16/2015 08:24:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 

Error: (02/16/2015 08:24:51 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (02/16/2015 08:24:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/16/2015 08:24:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/16/2015 08:24:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/16/2015 08:24:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/16/2015 08:24:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/16/2015 08:24:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberGhost 5 Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/16/2015 08:24:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF Architect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/16/2015 08:24:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF Architect Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Microsoft Office Sessions:
Error: (02/16/2015 06:42:08 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (02/15/2015 05:59:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WWAHost.exe6.3.9600.17031175001d04940a481bdb04294967295C:\Windows\System32\WWAHost.exef754da73-b533-11e4-bea3-a4db304279f9winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewyWindows.Store

Error: (02/15/2015 05:59:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: AcerNotebook)
Description: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store

Error: (02/15/2015 05:16:42 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (02/15/2015 05:16:42 PM) (Source: PerfNet) (EventID: 2004) (User: )

Error: (02/15/2015 05:16:42 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4

Error: (02/15/2015 05:16:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (02/15/2015 05:16:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4

Error: (02/15/2015 05:16:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (02/15/2015 04:34:53 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
   bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
   bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
   bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
   bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
   bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
   bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
   bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei S...

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 28%
Total physical RAM: 8072.27 MB
Available physical RAM: 5797.72 MB
Total Pagefile: 9352.27 MB
Available Pagefile: 6422.36 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.51 GB) (Free:254.91 GB) NTFS

==================== MBR & Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: ABFCC07E)

Partition: GPT Partition Type.

==================== End Of Log ============================

fehlt noch was oder bin ich ein "schwerer Fall"?

Gib Bescheid, wenn ich noch was scannen / loggen soll.



Alt 17.02.2015, 07:10   #4
/// the machine
/// TB-Ausbilder

Chrome/Chromium: Öffnen mehrerer Tabs / Search-Conduit Startseite / Ask-Toolbar - Standard

Chrome/Chromium: Öffnen mehrerer Tabs / Search-Conduit Startseite / Ask-Toolbar

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Proud Member of UNITE and ASAP since 2009

Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.02.2015, 13:55   #5
Chrome/Chromium: Öffnen mehrerer Tabs / Search-Conduit Startseite / Ask-Toolbar - Standard

Gewünschte Logs

 Malwarebytes Anti-Malware 

Suchlauf Datum: 17.02.2015
Suchlauf-Zeit: 08:06:44
Logdatei: mbam.txt
Administrator: Ja

Malware Datenbank: v2015.02.17.04
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Bianca

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 369478
Verstrichene Zeit: 27 Min, 38 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

# AdwCleaner v4.110 - Bericht erstellt 17/02/2015 um 08:43:33
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-14.2 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Bianca - ACERNOTEBOOK
# Gestarted von : C:\Users\Bianca\Downloads\adwcleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Internetbrowser ] *****

-\\ Internet Explorer v0.0.0.0

-\\ Mozilla Firefox v35.0.1 (x86 de)

-\\ Google Chrome v

-\\ Chromium v42.0.2306.0

-\\ Chrome Canary v


AdwCleaner[R0].txt - [3339 Bytes] - [16/02/2015 08:18:51]
AdwCleaner[R1].txt - [964 Bytes] - [17/02/2015 08:38:55]
AdwCleaner[R2].txt - [1022 Bytes] - [17/02/2015 08:42:27]
AdwCleaner[S0].txt - [4720 Bytes] - [16/02/2015 08:24:19]
AdwCleaner[S1].txt - [946 Bytes] - [17/02/2015 08:43:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1004  Bytes] ##########
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Bianca on 17.02.2015 at  8:50:09,54

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\WINDOWS\prefetch\ASK REMOVER.EXE-CD3F8E11.pf

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\Bianca\AppData\Roaming\mozilla\firefox\profiles\9lrxnix3.default\prefs.js

user_pref("services.sync.client.syncID", "2v9_q15pXeJU");
Emptied folder: C:\Users\Bianca\AppData\Roaming\mozilla\firefox\profiles\9lrxnix3.default\minidumps [6 files]

~~~ Event Viewer Logs were cleared

Scan was completed on 17.02.2015 at  8:51:56,53
End of JRT log

FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Bianca (administrator) on ACERNOTEBOOK on 17-02-2015 08:59:37
Running from C:\Users\Bianca\Downloads
Loaded Profiles: Bianca (Available profiles: Bianca)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(AVM GmbH) C:\Program Files (x86)\FRITZ!Powerline\PowerlineService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016432 2013-03-07] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [333712 2012-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-01-24] ( (Atheros Communications))
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [404080 2014-06-12] (CyberGhost S.R.L.)
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\...\MountPoints2: {25b1ff5a-35b4-11e4-be88-a4db304279f9} - "D:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\...\MountPoints2: {ec3db3bf-b51a-11e4-bea0-a4db304279f9} - "E:\AutoRun.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164568 2015-01-10] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2634663036-1839342411-3565475702-1002 -> {7DFA3630-0A26-423A-BB4C-0101F29E4D9B} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: No Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} ->  No File
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer]

FF ProfilePath: C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Extension: ColorZilla - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2014-10-24]
FF Extension: Add to Amazon Wish List Button - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\amznUWL2@amazon.com.xpi [2014-08-03]
FF Extension: LEOs Dictionaries - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\contextMenuExtension@leo.org.xpi [2014-10-30]
FF Extension: Integrated Google Calendar - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\intgcal@egarracingteam.com.ar.xpi [2014-08-04]
FF Extension: Vlc Kontextmenü - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\vlcplaylist@helgatauscher.de.xpi [2014-10-01]
FF Extension: Screengrab  (fix version) - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2014-09-07]
FF Extension: Leo Search - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\{c666c018-6409-4479-afa3-68e4129e7eff}.xpi [2014-10-30]
FF Extension: Adblock Plus - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-04]
FF Extension: DownThemAll! - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-08-04]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files\McAfee\MSK [2013-08-02]

CHR HomePage: Profile 1 -> hxxp://fritz.box/
CHR StartupUrls: Profile 1 -> "hxxp://search.conduit.com/?ctid=CT3319402&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP49211F28-4E79-4E02-ABF6-EFAC322B14C9&SSPV=", "hxxp://www.computerbase.de/forum/showthread.php?t=672421", "hxxp://productforums.google.com/forum/#!topic/chrome-de/-IEipyir7s0", "https://productforums.google.com/forum/?fromgroups=#!topic/chrome-de/-IEipyir7s0", "hxxp://forum.chip.de/router-modem/internetabbrueche-1704573-page2.html", "hxxp://forum.chip.de/dsl-w-lan-lan/w-lan-ominoese-internetabbrueche-trotz-guter-verbindung-1511768.html", "hxxp://www.google.de/"
CHR DefaultSearchKeyword: Profile 1 -> startpage.com_
CHR DefaultSearchURL: Profile 1 -> https://startpage.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=deutsch
CHR DefaultSuggestURL: Profile 1 -> https://startpage.com/cgi-bin/csuggest?output=json&pl=chrome&lang=deutsch&query={searchTerms}
CHR Profile: C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-08]
CHR Extension: (Google Drive) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]
CHR Extension: (YouTube) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-08]
CHR Extension: (Google-Suche) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-08]
CHR Extension: (Google Wallet) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
CHR Extension: (Google Mail) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-08]
CHR Profile: C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-22]
CHR Extension: (Google Drive) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-29]
CHR Extension: (Global Map) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\biabadelbimllanaekjkipoflfdpihba [2014-06-22]
CHR Extension: (YouTube) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-22]
CHR Extension: (Google Cast) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-06-22]
CHR Extension: (Webseiten-Screenshot - Webpage Screenshot) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-06-22]
CHR Extension: (Google-Suche) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-22]
CHR Extension: (FullContact (beta)) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ddgjmcgnlpnolanedjohjkfelpmepiob [2014-06-22]
CHR Extension: (Awesome Color Picker) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flkdgmgdgnpdecpaaoggnbjcdmbnagbj [2014-06-22]
CHR Extension: (HTTPS Everywhere) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-06-22]
CHR Extension: (AdBlock) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-22]
CHR Extension: (Drive Notepad) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpgjomejfimnbmobcocilppikhncegaj [2014-06-22]
CHR Extension: (feedly) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2014-06-22]
CHR Extension: (Disconnect Search) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2014-06-22]
CHR Extension: (Google Play Music) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2014-06-22]
CHR Extension: (Disconnect) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-06-22]
CHR Extension: (Evernote Web) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-06-22]
CHR Extension: (Google Wallet) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-22]
CHR Extension: (chromeIPass) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ompiailgknfdndiefoaoiligalphfdae [2014-06-22]
CHR Extension: (cronsync) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbngjmgfclegmldmnjbfbgpphbaakjnk [2014-06-22]
CHR Extension: (Page Monitor) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-06-22]
CHR Extension: (Google Mail) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-22]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-01-24] (Windows (R) Win 7 DDK provider)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 AVMPowerlineService; C:\Program Files (x86)\FRITZ!Powerline\PowerlineService.exe [139264 2014-05-21] (AVM GmbH) [File not signed]
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1335344 2014-01-23] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [856112 2014-01-23] (pdfforge GmbH)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881984 2014-01-06] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 BrSerId; C:\Windows\system32\DRIVERS\BrSerId.sys [290816 2012-03-27] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\system32\DRIVERS\BrUsbSer.sys [14720 2011-07-18] (Brother Industries Ltd.) [File not signed]
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-07] (Synaptics Incorporated)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 08:52 - 2015-02-17 08:52 - 00001146 _____ () C:\Users\Bianca\Desktop\JRT1.txt
2015-02-17 08:51 - 2015-02-17 08:51 - 00001146 _____ () C:\Users\Bianca\Desktop\JRT.txt
2015-02-17 08:49 - 2015-02-17 08:49 - 01388274 _____ (Thisisu) C:\Users\Bianca\Downloads\JRT.exe
2015-02-17 08:37 - 2015-02-17 08:37 - 00001191 _____ () C:\Users\Bianca\Desktop\mbam.txt
2015-02-16 15:38 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-16 15:38 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-16 09:12 - 2015-02-16 09:12 - 00026235 _____ () C:\Users\Bianca\Downloads\Addition.txt
2015-02-16 09:11 - 2015-02-17 08:59 - 00024492 _____ () C:\Users\Bianca\Downloads\FRST.txt
2015-02-16 09:11 - 2015-02-17 08:59 - 00000000 ____D () C:\FRST
2015-02-16 09:10 - 2015-02-16 09:10 - 02085888 _____ (Farbar) C:\Users\Bianca\Downloads\FRST64.exe
2015-02-16 08:29 - 2015-02-16 08:29 - 00276372 _____ () C:\Users\Bianca\Downloads\ASK_Remover.zip
2015-02-16 08:29 - 2015-02-16 08:29 - 00000000 ____D () C:\Users\Bianca\Downloads\ASK_Remover
2015-02-16 08:25 - 2015-02-17 08:44 - 00003875 _____ () C:\WINDOWS\setupact.log
2015-02-16 08:25 - 2015-02-16 08:25 - 00002790 _____ () C:\WINDOWS\PFRO.log
2015-02-16 08:25 - 2015-02-16 08:25 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-16 08:18 - 2015-02-17 08:43 - 00000000 ____D () C:\AdwCleaner
2015-02-16 08:18 - 2015-02-16 08:18 - 02112512 _____ () C:\Users\Bianca\Downloads\adwcleaner_4.110.exe
2015-02-16 07:49 - 2015-02-17 08:06 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 07:49 - 2015-02-16 07:49 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-16 07:49 - 2015-02-16 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-16 07:49 - 2015-02-16 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-16 07:49 - 2015-02-16 07:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-16 07:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-16 07:49 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-16 07:49 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-16 07:46 - 2015-02-16 07:47 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Bianca\Downloads\mbam-setup-
2015-02-16 07:45 - 2015-02-16 07:45 - 00001288 _____ () C:\Users\Bianca\Desktop\Revo Uninstaller.lnk
2015-02-16 07:45 - 2015-02-16 07:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-16 07:44 - 2015-02-16 07:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bianca\Downloads\revosetup95.exe
2015-02-16 07:20 - 2015-02-17 08:38 - 00000000 ____D () C:\Users\Bianca\Documents\Anki
2015-02-16 07:20 - 2015-02-16 07:20 - 00000770 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2015-02-16 07:20 - 2015-02-16 07:20 - 00000758 _____ () C:\Users\Bianca\Desktop\Anki.lnk
2015-02-16 07:20 - 2015-02-16 07:20 - 00000000 ____D () C:\Program Files (x86)\Anki
2015-02-16 07:19 - 2015-02-16 07:20 - 23232740 _____ () C:\Users\Bianca\Downloads\anki-2.0.31.exe
2015-02-16 06:53 - 2015-02-16 06:53 - 00002774 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-02-16 06:53 - 2015-02-16 06:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-16 06:53 - 2015-02-16 06:53 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-16 06:52 - 2015-02-16 06:52 - 05325208 _____ (Piriform Ltd) C:\Users\Bianca\Downloads\ccsetup502.exe
2015-02-16 06:47 - 2015-02-16 06:47 - 00002332 _____ () C:\Users\Bianca\Desktop\Chromium.lnk
2015-02-16 06:47 - 2015-02-16 06:47 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium
2015-02-16 06:47 - 2015-02-16 06:47 - 00000000 ____D () C:\Users\Bianca\AppData\Local\Chromium
2015-02-16 06:46 - 2015-02-16 06:46 - 41162752 _____ (The Chromium Authors) C:\Users\Bianca\Downloads\chromium_setup.exe
2015-02-15 17:37 - 2015-02-15 17:37 - 00001187 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zotero Standalone.lnk
2015-02-15 17:37 - 2015-02-15 17:37 - 00001175 _____ () C:\Users\Public\Desktop\Zotero Standalone.lnk
2015-02-15 17:37 - 2015-02-15 17:37 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\Zotero
2015-02-15 17:37 - 2015-02-15 17:37 - 00000000 ____D () C:\Users\Bianca\AppData\Local\Zotero
2015-02-15 17:37 - 2015-02-15 17:37 - 00000000 ____D () C:\Program Files (x86)\Zotero Standalone
2015-02-15 17:24 - 2015-02-15 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2015-02-15 17:23 - 2015-02-15 17:24 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2015-02-15 17:19 - 2015-02-15 17:32 - 34662667 _____ () C:\Users\Bianca\Downloads\torbrowser-install-4.0.3_de.exe
2015-02-15 17:18 - 2015-02-15 17:20 - 225890304 _____ () C:\Users\Bianca\Downloads\LibreOffice_4.3.5_Win_x86.msi
2015-02-15 16:41 - 2015-02-15 16:41 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-02-15 16:41 - 2015-02-15 16:41 - 00001125 _____ () C:\Users\Bianca\Desktop\KeePass 2.lnk
2015-02-15 16:41 - 2015-02-15 16:41 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2015-02-15 16:13 - 2014-04-14 04:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2015-02-15 16:09 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-15 16:09 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-02-15 14:47 - 2015-02-15 16:44 - 00017278 _____ () C:\Users\Bianca\Documents\KeePassDatenbank_20141031.kdbx
2015-02-15 14:33 - 2015-02-15 14:39 - 00000000 ____D () C:\BIANCABENDER
2015-02-15 14:06 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-15 14:06 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-15 14:06 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-15 14:06 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-15 14:06 - 2014-11-17 21:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-02-15 14:06 - 2014-11-14 07:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-02-15 14:06 - 2014-11-14 07:46 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-02-15 14:06 - 2014-11-14 07:39 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-02-15 14:06 - 2014-11-14 05:53 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-02-15 14:06 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-15 14:06 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-15 14:06 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-15 14:06 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-15 14:06 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-15 14:06 - 2014-04-08 23:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2015-02-15 14:06 - 2014-04-08 23:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2015-02-15 14:06 - 2014-04-08 19:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2015-02-15 14:06 - 2014-04-08 19:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2015-02-15 14:05 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-15 14:05 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-15 14:05 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-15 14:05 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-15 14:05 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-15 14:05 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-15 14:05 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-15 14:05 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-15 14:05 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-15 14:05 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-15 14:05 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-15 14:05 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-15 14:05 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-15 14:05 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-15 14:05 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-15 14:05 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-15 14:05 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-15 14:05 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-15 14:05 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-15 14:05 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-15 14:05 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-15 14:05 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-15 14:05 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-15 14:05 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-15 14:05 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-15 14:05 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-15 14:05 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-15 14:05 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-15 14:05 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-15 14:05 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-15 14:05 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-15 14:05 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-15 14:05 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-15 14:05 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-15 14:05 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-15 14:05 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-15 14:05 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-15 14:05 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-15 14:05 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-15 14:05 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-15 14:05 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-15 14:05 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-15 14:05 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-15 14:05 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-15 14:05 - 2014-11-17 21:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-02-15 14:05 - 2014-11-15 20:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-02-15 14:05 - 2014-11-15 07:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-02-15 14:05 - 2014-11-14 15:36 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-01-30 11:19 - 2015-02-15 13:55 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-01-30 11:19 - 2015-02-15 13:55 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-01-30 11:17 - 2015-01-10 00:30 - 06860432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-01-30 11:17 - 2015-01-10 00:30 - 03517256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-01-30 11:17 - 2015-01-10 00:29 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-01-30 11:17 - 2015-01-10 00:29 - 01097872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-01-30 11:17 - 2015-01-10 00:29 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-01-30 11:17 - 2015-01-10 00:29 - 00385352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-01-30 11:17 - 2015-01-10 00:29 - 00075080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-01-30 11:17 - 2015-01-10 00:29 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-01-30 11:17 - 2015-01-09 20:47 - 04173527 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-01-26 14:38 - 2015-01-10 09:07 - 32102544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 25459856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 24765584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 20465296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 18566296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 17250776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 16009120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 14115944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 13295552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 13210248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 10774544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 10714488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 10274448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-01-26 14:38 - 2015-01-10 09:07 - 03607184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 03298816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 03245712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 02902456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434725.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434725.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00994712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00969360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00942736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00929424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00906384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00877488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00496456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00399688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00390472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00353040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00345744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00305320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00177624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00164568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00031376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-01-26 14:38 - 2015-01-10 09:07 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-01-18 10:20 - 2015-01-18 10:24 - 00000650 _____ () C:\WINDOWS\wiso.ini
2015-01-18 10:15 - 2015-01-18 10:15 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\Buhl Data Service
2015-01-18 10:15 - 2015-01-18 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tax 2015
2015-01-18 10:07 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-18 10:07 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-18 10:07 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-18 10:07 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-18 10:07 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-18 10:07 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-18 10:07 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-18 10:07 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-18 10:07 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-18 10:07 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-18 10:07 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-18 10:07 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-18 10:07 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-18 10:07 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-18 10:07 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-18 10:07 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-18 10:07 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-18 10:07 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-18 10:07 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-18 10:07 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-18 10:07 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-18 10:07 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-18 10:07 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-18 10:07 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-18 10:07 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-18 10:07 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-18 10:07 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-18 10:07 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-18 10:07 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-18 10:07 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-18 10:07 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

2015-02-17 09:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-17 08:52 - 2014-08-21 09:51 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-17 08:44 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-17 08:43 - 2014-05-05 16:56 - 01082246 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-17 08:38 - 2014-06-01 17:25 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\ClassicShell
2015-02-17 08:18 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-17 08:17 - 2014-05-03 06:48 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2634663036-1839342411-3565475702-1002
2015-02-16 17:28 - 2014-03-18 11:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-16 17:28 - 2014-03-18 10:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-16 17:28 - 2014-03-18 10:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-16 17:16 - 2014-05-12 14:50 - 00000000 ____D () C:\Users\Bianca\AppData\Local\CrashDumps
2015-02-16 08:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-16 07:46 - 2013-09-30 16:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-16 07:07 - 2014-06-02 14:48 - 00003328 _____ () C:\WINDOWS\System32\Tasks\PDF Architect 2
2015-02-16 07:01 - 2013-10-25 07:37 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\TeamViewer
2015-02-16 06:59 - 2014-05-05 17:53 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-16 06:42 - 2014-05-05 16:55 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-02-16 06:42 - 2014-05-05 16:55 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-16 06:42 - 2014-05-05 16:55 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-16 06:42 - 2014-05-05 14:53 - 00000000 ____D () C:\Users\Bianca\AppData\Local\NVIDIA Corporation
2015-02-16 06:42 - 2014-05-05 14:52 - 00000000 ____D () C:\Users\Bianca\AppData\Local\NVIDIA
2015-02-16 06:38 - 2014-05-03 09:17 - 00000000 ____D () C:\Users\Bianca\AppData\Local\Google
2015-02-15 17:42 - 2013-08-22 15:44 - 04956176 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-15 17:42 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-15 17:14 - 2013-10-08 12:44 - 00000000 ____D () C:\Users\Bianca\Documents\Citavi 4
2015-02-15 16:48 - 2013-04-11 17:26 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\KeePass
2015-02-15 16:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-02-15 16:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-02-15 16:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-02-15 16:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-02-15 16:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-15 16:18 - 2014-05-05 07:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-15 16:14 - 2014-05-05 15:35 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-15 16:06 - 2014-10-18 07:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-15 16:06 - 2014-10-18 07:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-15 16:06 - 2014-09-25 10:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-15 16:06 - 2014-05-05 14:40 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-15 16:05 - 2014-10-18 07:58 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-02-15 16:05 - 2014-10-18 07:58 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-02-15 16:05 - 2014-10-18 07:58 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-02-15 16:05 - 2014-10-18 07:58 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-02-15 15:52 - 2014-08-21 09:51 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-15 15:40 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 15:19 - 2013-05-12 11:00 - 00000132 _____ () C:\Users\Bianca\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-30 14:07 - 2013-08-08 15:12 - 00001456 _____ () C:\Users\Bianca\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2015-01-30 13:26 - 2014-05-03 09:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-30 13:25 - 2014-05-03 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-30 13:25 - 2014-05-03 09:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-30 11:18 - 2014-05-05 16:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-30 11:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help
2015-01-18 10:27 - 2014-01-14 08:05 - 00000000 ____D () C:\Users\Bianca\Documents\tax
2015-01-18 10:20 - 2014-05-04 14:41 - 00000000 ____D () C:\Users\Bianca\AppData\Local\Buhl
2015-01-18 10:15 - 2014-05-04 14:22 - 00000000 ____D () C:\Program Files (x86)\Buhl finance

==================== Files in the root of some directories =======

2013-06-10 18:06 - 2013-06-10 18:06 - 0000132 _____ () C:\Users\Bianca\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2013-05-12 11:00 - 2015-01-30 15:19 - 0000132 _____ () C:\Users\Bianca\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-07-21 17:00 - 2014-07-21 17:02 - 0000096 _____ () C:\Users\Bianca\AppData\Roaming\Camdata.ini
2014-07-21 17:00 - 2014-07-21 17:02 - 0000408 _____ () C:\Users\Bianca\AppData\Roaming\CamLayout.ini
2014-07-21 17:00 - 2014-07-21 17:02 - 0000408 _____ () C:\Users\Bianca\AppData\Roaming\CamShapes.ini
2014-07-21 17:00 - 2014-07-21 17:02 - 0004509 _____ () C:\Users\Bianca\AppData\Roaming\CamStudio.cfg
2014-04-15 17:59 - 2014-04-15 17:59 - 0000268 ___RH () C:\Users\Bianca\AppData\Roaming\Services
2013-12-15 12:46 - 2014-01-17 09:34 - 0000000 _____ () C:\Users\Bianca\AppData\Roaming\Specifications
2014-01-18 20:50 - 2014-02-12 13:21 - 0117381 ____H () C:\Users\Bianca\AppData\Roaming\sync.ffs_db
2013-08-08 15:12 - 2015-01-30 14:07 - 0001456 _____ () C:\Users\Bianca\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2014-11-06 11:31 - 2014-11-06 11:31 - 0000218 _____ () C:\Users\Bianca\AppData\Local\recently-used.xbel
2013-12-25 20:26 - 2013-12-25 20:26 - 0007629 _____ () C:\Users\Bianca\AppData\Local\Resmon.ResmonCfg
2014-01-18 21:30 - 2014-01-18 21:30 - 0296772 ____H () C:\Users\Bianca\AppData\Local\sync.ffs_db
2014-06-02 18:59 - 2014-06-02 18:59 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-09-30 16:59 - 2013-09-30 16:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-03 08:44 - 2012-10-24 20:44 - 0656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall2688720.exe

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Bianca (administrator) on ACERNOTEBOOK on 20-02-2015 07:20:02
Running from C:\Users\Bianca\Downloads
Loaded Profiles: Bianca (Available profiles: Bianca)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(AVM GmbH) C:\Program Files (x86)\FRITZ!Powerline\PowerlineService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016432 2013-03-07] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [333712 2012-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-01-24] ( (Atheros Communications))
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [404080 2014-06-12] (CyberGhost S.R.L.)
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\...\MountPoints2: {25b1ff5a-35b4-11e4-be88-a4db304279f9} - "D:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\...\MountPoints2: {ec3db3bf-b51a-11e4-bea0-a4db304279f9} - "E:\AutoRun.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164568 2015-01-10] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2634663036-1839342411-3565475702-1002 -> {7DFA3630-0A26-423A-BB4C-0101F29E4D9B} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: No Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} ->  No File
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer]

FF ProfilePath: C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default
FF Homepage: https://startpage.com/deu/?
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Extension: ColorZilla - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2014-10-24]
FF Extension: Add to Amazon Wish List Button - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\amznUWL2@amazon.com.xpi [2014-08-03]
FF Extension: LEOs Dictionaries - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\contextMenuExtension@leo.org.xpi [2014-10-30]
FF Extension: Integrated Google Calendar - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\intgcal@egarracingteam.com.ar.xpi [2014-08-04]
FF Extension: Vlc Kontextmenü - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\vlcplaylist@helgatauscher.de.xpi [2014-10-01]
FF Extension: Screengrab  (fix version) - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2014-09-07]
FF Extension: Leo Search - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\{c666c018-6409-4479-afa3-68e4129e7eff}.xpi [2014-10-30]
FF Extension: Adblock Plus - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-04]
FF Extension: DownThemAll! - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\9lrxnix3.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-08-04]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files\McAfee\MSK [2013-08-02]

CHR HomePage: Profile 1 -> hxxp://fritz.box/
CHR StartupUrls: Profile 1 -> "hxxp://search.conduit.com/?ctid=CT3319402&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP49211F28-4E79-4E02-ABF6-EFAC322B14C9&SSPV=", "hxxp://www.computerbase.de/forum/showthread.php?t=672421", "hxxp://productforums.google.com/forum/#!topic/chrome-de/-IEipyir7s0", "https://productforums.google.com/forum/?fromgroups=#!topic/chrome-de/-IEipyir7s0", "hxxp://forum.chip.de/router-modem/internetabbrueche-1704573-page2.html", "hxxp://forum.chip.de/dsl-w-lan-lan/w-lan-ominoese-internetabbrueche-trotz-guter-verbindung-1511768.html", "hxxp://www.google.de/"
CHR DefaultSearchKeyword: Profile 1 -> startpage.com_
CHR DefaultSearchURL: Profile 1 -> https://startpage.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=deutsch
CHR DefaultSuggestURL: Profile 1 -> https://startpage.com/cgi-bin/csuggest?output=json&pl=chrome&lang=deutsch&query={searchTerms}
CHR Profile: C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-08]
CHR Extension: (Google Drive) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]
CHR Extension: (YouTube) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-08]
CHR Extension: (Google Search) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-08]
CHR Extension: (Google Wallet) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
CHR Extension: (Gmail) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-08]
CHR Profile: C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-22]
CHR Extension: (Google Drive) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-29]
CHR Extension: (Global Map) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\biabadelbimllanaekjkipoflfdpihba [2014-06-22]
CHR Extension: (YouTube) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-22]
CHR Extension: (Google Cast) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-06-22]
CHR Extension: (Webpage Screenshot) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-06-22]
CHR Extension: (Google Search) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-22]
CHR Extension: (FullContact (beta)) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ddgjmcgnlpnolanedjohjkfelpmepiob [2014-06-22]
CHR Extension: (Awesome Color Picker) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flkdgmgdgnpdecpaaoggnbjcdmbnagbj [2014-06-22]
CHR Extension: (HTTPS Everywhere) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-06-22]
CHR Extension: (AdBlock) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-22]
CHR Extension: (Drive Notepad) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpgjomejfimnbmobcocilppikhncegaj [2014-06-22]
CHR Extension: (feedly) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2014-06-22]
CHR Extension: (Disconnect Search) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2014-06-22]
CHR Extension: (Google Play Music) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2014-06-22]
CHR Extension: (Disconnect) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-06-22]
CHR Extension: (Evernote Web) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-06-22]
CHR Extension: (Google Wallet) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-22]
CHR Extension: (chromeIPass) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ompiailgknfdndiefoaoiligalphfdae [2014-06-22]
CHR Extension: (cronsync) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbngjmgfclegmldmnjbfbgpphbaakjnk [2014-06-22]
CHR Extension: (Page Monitor) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-06-22]
CHR Extension: (Gmail) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-22]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-01-24] (Windows (R) Win 7 DDK provider)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 AVMPowerlineService; C:\Program Files (x86)\FRITZ!Powerline\PowerlineService.exe [139264 2014-05-21] (AVM GmbH) [File not signed]
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
S3 MailbirdUpdater.exe; C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe [327544 2014-12-22] (Mailbird) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1335344 2014-01-23] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [856112 2014-01-23] (pdfforge GmbH)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881984 2014-01-06] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 BrSerId; C:\Windows\system32\DRIVERS\BrSerId.sys [290816 2012-03-27] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\system32\DRIVERS\BrUsbSer.sys [14720 2011-07-18] (Brother Industries Ltd.) [File not signed]
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-07] (Synaptics Incorporated)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 07:19 - 2015-02-20 07:19 - 00000000 ____D () C:\Users\Bianca\Downloads\FRST-OlderVersion
2015-02-18 12:59 - 2015-02-18 12:59 - 00852594 _____ () C:\Users\Bianca\Downloads\SecurityCheck.exe
2015-02-18 12:45 - 2015-02-18 12:45 - 00000229 _____ () C:\Users\Bianca\Desktop\eset1.txt
2015-02-18 07:42 - 2015-02-18 07:42 - 02347384 _____ (ESET) C:\Users\Bianca\Downloads\esetsmartinstaller_deu.exe
2015-02-17 14:03 - 2015-02-17 14:03 - 00017679 _____ () C:\Users\Bianca\Downloads\contacts.vcf
2015-02-17 13:35 - 2015-02-18 15:34 - 00000000 ____D () C:\Users\Bianca\AppData\Local\Mailbird
2015-02-17 13:35 - 2015-02-17 13:35 - 00001012 _____ () C:\Users\Public\Desktop\Mailbird.lnk
2015-02-17 13:35 - 2015-02-17 13:35 - 00000000 ____D () C:\ProgramData\Mailbird
2015-02-17 13:34 - 2015-02-17 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mailbird
2015-02-17 13:34 - 2015-02-17 13:34 - 00000000 ____D () C:\Program Files (x86)\Mailbird
2015-02-17 13:32 - 2015-02-17 13:32 - 01523712 _____ (Mailbird) C:\Users\Bianca\Downloads\MailbirdInstaller.exe
2015-02-17 13:06 - 2015-02-17 13:10 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\eM Client
2015-02-17 13:00 - 2015-02-17 13:00 - 15237120 _____ () C:\Users\Bianca\Downloads\setup.msi
2015-02-17 08:49 - 2015-02-17 08:49 - 01388274 _____ (Thisisu) C:\Users\Bianca\Downloads\JRT.exe
2015-02-16 15:38 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-16 15:38 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-16 09:12 - 2015-02-16 09:12 - 00026235 _____ () C:\Users\Bianca\Downloads\Addition.txt
2015-02-16 09:11 - 2015-02-20 07:20 - 00025067 _____ () C:\Users\Bianca\Downloads\FRST.txt
2015-02-16 09:11 - 2015-02-20 07:20 - 00000000 ____D () C:\FRST
2015-02-16 09:10 - 2015-02-20 07:19 - 02086912 _____ (Farbar) C:\Users\Bianca\Downloads\FRST64.exe
2015-02-16 08:29 - 2015-02-16 08:29 - 00276372 _____ () C:\Users\Bianca\Downloads\ASK_Remover.zip
2015-02-16 08:29 - 2015-02-16 08:29 - 00000000 ____D () C:\Users\Bianca\Downloads\ASK_Remover
2015-02-16 08:25 - 2015-02-20 07:19 - 00007134 _____ () C:\WINDOWS\setupact.log
2015-02-16 08:25 - 2015-02-18 13:04 - 00005764 _____ () C:\WINDOWS\PFRO.log
2015-02-16 08:25 - 2015-02-16 08:25 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-16 08:18 - 2015-02-17 08:43 - 00000000 ____D () C:\AdwCleaner
2015-02-16 08:18 - 2015-02-16 08:18 - 02112512 _____ () C:\Users\Bianca\Downloads\adwcleaner_4.110.exe
2015-02-16 07:49 - 2015-02-17 08:06 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 07:49 - 2015-02-16 07:49 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-16 07:49 - 2015-02-16 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-16 07:49 - 2015-02-16 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-16 07:49 - 2015-02-16 07:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-16 07:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-16 07:49 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-16 07:49 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-16 07:46 - 2015-02-16 07:47 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Bianca\Downloads\mbam-setup-
2015-02-16 07:45 - 2015-02-16 07:45 - 00001288 _____ () C:\Users\Bianca\Desktop\Revo Uninstaller.lnk
2015-02-16 07:45 - 2015-02-16 07:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-16 07:44 - 2015-02-16 07:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bianca\Downloads\revosetup95.exe
2015-02-16 07:20 - 2015-02-19 08:03 - 00000000 ____D () C:\Users\Bianca\Documents\Anki
2015-02-16 07:20 - 2015-02-16 07:20 - 00000770 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2015-02-16 07:20 - 2015-02-16 07:20 - 00000758 _____ () C:\Users\Bianca\Desktop\Anki.lnk
2015-02-16 07:20 - 2015-02-16 07:20 - 00000000 ____D () C:\Program Files (x86)\Anki
2015-02-16 07:19 - 2015-02-16 07:20 - 23232740 _____ () C:\Users\Bianca\Downloads\anki-2.0.31.exe
2015-02-16 06:53 - 2015-02-16 06:53 - 00002774 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-02-16 06:53 - 2015-02-16 06:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-16 06:53 - 2015-02-16 06:53 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-16 06:52 - 2015-02-16 06:52 - 05325208 _____ (Piriform Ltd) C:\Users\Bianca\Downloads\ccsetup502.exe
2015-02-16 06:47 - 2015-02-16 06:47 - 00000000 ____D () C:\Users\Bianca\AppData\Local\Chromium
2015-02-16 06:46 - 2015-02-16 06:46 - 41162752 _____ (The Chromium Authors) C:\Users\Bianca\Downloads\chromium_setup.exe
2015-02-15 17:37 - 2015-02-15 17:37 - 00001187 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zotero Standalone.lnk
2015-02-15 17:37 - 2015-02-15 17:37 - 00001175 _____ () C:\Users\Public\Desktop\Zotero Standalone.lnk
2015-02-15 17:37 - 2015-02-15 17:37 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\Zotero
2015-02-15 17:37 - 2015-02-15 17:37 - 00000000 ____D () C:\Users\Bianca\AppData\Local\Zotero
2015-02-15 17:37 - 2015-02-15 17:37 - 00000000 ____D () C:\Program Files (x86)\Zotero Standalone
2015-02-15 17:24 - 2015-02-15 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2015-02-15 17:23 - 2015-02-15 17:24 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2015-02-15 17:19 - 2015-02-15 17:32 - 34662667 _____ () C:\Users\Bianca\Downloads\torbrowser-install-4.0.3_de.exe
2015-02-15 17:18 - 2015-02-15 17:20 - 225890304 _____ () C:\Users\Bianca\Downloads\LibreOffice_4.3.5_Win_x86.msi
2015-02-15 16:41 - 2015-02-15 16:41 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-02-15 16:41 - 2015-02-15 16:41 - 00001125 _____ () C:\Users\Bianca\Desktop\KeePass 2.lnk
2015-02-15 16:41 - 2015-02-15 16:41 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2015-02-15 16:13 - 2014-04-14 04:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2015-02-15 16:09 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-15 16:09 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-02-15 14:47 - 2015-02-15 16:44 - 00017278 _____ () C:\Users\Bianca\Documents\KeePassDatenbank_20141031.kdbx
2015-02-15 14:33 - 2015-02-15 14:39 - 00000000 ____D () C:\BIANCABENDER
2015-02-15 14:06 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-15 14:06 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-15 14:06 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-15 14:06 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-15 14:06 - 2014-11-17 21:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-02-15 14:06 - 2014-11-14 07:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-02-15 14:06 - 2014-11-14 07:46 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-02-15 14:06 - 2014-11-14 07:39 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-02-15 14:06 - 2014-11-14 05:53 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-02-15 14:06 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-15 14:06 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-15 14:06 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-15 14:06 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-15 14:06 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-15 14:06 - 2014-04-08 23:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2015-02-15 14:06 - 2014-04-08 23:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2015-02-15 14:06 - 2014-04-08 19:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2015-02-15 14:06 - 2014-04-08 19:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2015-02-15 14:05 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-15 14:05 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-15 14:05 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-15 14:05 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-15 14:05 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-15 14:05 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-15 14:05 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-15 14:05 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-15 14:05 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-15 14:05 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-15 14:05 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-15 14:05 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-15 14:05 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-15 14:05 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-15 14:05 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-15 14:05 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-15 14:05 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-15 14:05 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-15 14:05 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-15 14:05 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-15 14:05 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-15 14:05 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-15 14:05 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-15 14:05 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-15 14:05 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-15 14:05 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-15 14:05 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-15 14:05 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-15 14:05 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-15 14:05 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-15 14:05 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-15 14:05 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-15 14:05 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-15 14:05 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-15 14:05 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-15 14:05 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-15 14:05 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-15 14:05 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-15 14:05 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-15 14:05 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-15 14:05 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-15 14:05 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-15 14:05 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-15 14:05 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-15 14:05 - 2014-11-17 21:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-02-15 14:05 - 2014-11-15 20:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-02-15 14:05 - 2014-11-15 07:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-02-15 14:05 - 2014-11-14 15:36 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-02-15 14:05 - 2014-11-14 08:10 - 03558400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-02-15 14:05 - 2014-11-14 07:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-02-15 14:05 - 2014-11-14 07:58 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-02-15 14:05 - 2014-11-14 07:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-02-15 14:05 - 2014-11-14 07:57 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-02-15 14:05 - 2014-11-14 07:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-02-15 14:05 - 2014-11-14 07:54 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-02-15 14:05 - 2014-11-14 07:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-02-15 14:05 - 2014-11-14 07:53 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-02-15 14:05 - 2014-11-14 07:52 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-02-15 14:05 - 2014-11-14 06:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-02-15 14:05 - 2014-11-14 06:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-02-15 14:05 - 2014-11-14 06:03 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-02-15 14:05 - 2014-11-14 06:01 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-02-15 14:05 - 2014-11-14 06:01 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-02-15 14:05 - 2014-11-11 01:39 - 22290560 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-02-15 14:05 - 2014-11-11 01:17 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-02-15 14:05 - 2014-11-10 19:06 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-02-15 14:05 - 2014-11-10 19:06 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-02-15 14:05 - 2014-11-10 19:06 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-02-15 14:05 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-02-15 14:05 - 2014-11-10 03:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-02-15 14:05 - 2014-11-10 02:37 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-02-15 14:05 - 2014-11-10 02:34 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-02-15 14:05 - 2014-11-10 02:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-02-15 14:05 - 2014-11-10 02:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-02-15 14:05 - 2014-11-10 02:09 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-02-15 14:05 - 2014-11-10 02:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2015-02-15 14:05 - 2014-11-10 02:06 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-02-15 14:05 - 2014-11-10 01:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2015-02-15 14:05 - 2014-11-10 01:57 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-02-15 14:05 - 2014-11-08 11:42 - 01390928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-02-15 14:05 - 2014-11-08 11:23 - 01127976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-02-15 14:05 - 2014-11-08 05:00 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-02-15 14:05 - 2014-11-08 05:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2015-02-15 14:05 - 2014-11-08 04:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2015-02-15 14:05 - 2014-11-08 04:58 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-02-15 14:05 - 2014-11-08 04:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2015-02-15 14:05 - 2014-11-08 04:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2015-02-15 14:05 - 2014-11-08 04:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2015-02-15 14:05 - 2014-11-08 04:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2015-02-15 14:05 - 2014-11-08 04:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2015-02-15 14:05 - 2014-11-08 04:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2015-02-15 14:05 - 2014-11-08 04:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2015-02-15 14:05 - 2014-11-08 03:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2015-02-15 14:05 - 2014-11-08 03:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-02-15 14:05 - 2014-11-08 03:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-02-15 14:05 - 2014-11-08 03:09 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-02-15 14:05 - 2014-11-08 03:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-02-15 14:05 - 2014-11-08 02:59 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-02-15 14:05 - 2014-11-08 02:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-02-15 14:05 - 2014-11-08 02:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-02-15 14:05 - 2014-11-07 04:58 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-02-15 14:05 - 2014-11-07 04:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-02-15 14:05 - 2014-11-05 03:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2015-02-15 14:05 - 2014-11-05 03:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2015-02-15 14:05 - 2014-11-05 03:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-02-15 14:05 - 2014-11-05 02:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-02-15 14:05 - 2014-11-05 02:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-02-15 14:05 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-02-15 14:05 - 2014-11-05 02:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2015-02-15 14:05 - 2014-11-05 02:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2015-02-15 14:05 - 2014-11-05 02:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2015-02-15 14:05 - 2014-11-05 02:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-02-15 14:05 - 2014-11-05 02:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-02-15 14:05 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-02-15 14:05 - 2014-11-05 02:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-02-15 14:05 - 2014-11-05 02:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2015-02-15 14:05 - 2014-11-04 20:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-02-15 14:05 - 2014-11-04 20:25 - 00059712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-02-15 14:05 - 2014-11-04 20:25 - 00051008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-02-15 14:05 - 2014-11-04 07:55 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-02-15 14:05 - 2014-11-04 07:54 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-02-15 14:05 - 2014-11-04 07:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-02-15 14:05 - 2014-11-04 07:54 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-02-15 14:05 - 2014-11-04 07:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2015-02-15 14:05 - 2014-11-04 06:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-02-15 14:05 - 2014-10-31 01:51 - 18823168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-02-15 14:05 - 2014-10-31 01:10 - 15158784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-02-15 14:05 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-02-15 14:05 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-02-15 14:05 - 2014-10-29 04:05 - 00551232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-02-15 14:05 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-15 14:05 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-15 14:05 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-15 14:05 - 2014-10-29 02:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-02-15 14:05 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-15 14:05 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-15 14:05 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-15 14:05 - 2014-10-29 02:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2015-02-15 14:05 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-15 14:05 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-15 14:05 - 2014-10-26 23:10 - 00390841 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-15 14:05 - 2014-10-21 02:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2015-02-15 14:05 - 2014-10-21 02:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2015-02-15 14:05 - 2014-10-21 01:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-02-15 14:05 - 2014-10-21 01:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-02-15 14:05 - 2014-10-21 01:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2015-02-15 14:05 - 2014-10-21 01:30 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-02-15 14:05 - 2014-10-21 01:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-02-15 14:05 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-02-15 14:05 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-02-15 14:05 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-02-15 14:05 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-02-15 14:05 - 2014-10-17 05:56 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-02-15 14:05 - 2014-10-17 05:56 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-02-15 14:05 - 2014-10-17 05:56 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-02-15 14:05 - 2014-10-17 04:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-01-30 11:19 - 2015-02-15 13:55 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-01-30 11:19 - 2015-02-15 13:55 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-01-30 11:17 - 2015-01-10 00:30 - 06860432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-01-30 11:17 - 2015-01-10 00:30 - 03517256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-01-30 11:17 - 2015-01-10 00:29 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-01-30 11:17 - 2015-01-10 00:29 - 01097872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-01-30 11:17 - 2015-01-10 00:29 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-01-30 11:17 - 2015-01-10 00:29 - 00385352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-01-30 11:17 - 2015-01-10 00:29 - 00075080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-01-30 11:17 - 2015-01-10 00:29 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-01-30 11:17 - 2015-01-09 20:47 - 04173527 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-01-26 14:38 - 2015-01-10 09:07 - 32102544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 25459856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 24765584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 20465296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 18566296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 17250776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 16009120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 14115944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 13295552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 13210248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 10774544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 10714488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 10274448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-01-26 14:38 - 2015-01-10 09:07 - 03607184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 03298816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 03245712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 02902456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434725.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434725.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00994712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00969360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00942736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00929424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00906384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00877488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00496456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00399688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00390472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00353040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00345744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00305320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00177624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00164568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-01-26 14:38 - 2015-01-10 09:07 - 00031376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-01-26 14:38 - 2015-01-10 09:07 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb

2015-02-20 07:19 - 2014-06-01 17:25 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\ClassicShell
2015-02-20 07:17 - 2014-05-05 16:56 - 01283642 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-20 07:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-19 07:52 - 2014-08-21 09:51 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-18 13:05 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-18 08:52 - 2014-05-03 06:48 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2634663036-1839342411-3565475702-1002
2015-02-18 08:08 - 2014-03-18 11:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-18 08:08 - 2014-03-18 10:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-18 08:08 - 2014-03-18 10:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-17 08:22 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-16 17:16 - 2014-05-12 14:50 - 00000000 ____D () C:\Users\Bianca\AppData\Local\CrashDumps
2015-02-16 08:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-16 07:46 - 2013-09-30 16:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-16 07:07 - 2014-06-02 14:48 - 00003328 _____ () C:\WINDOWS\System32\Tasks\PDF Architect 2
2015-02-16 07:01 - 2013-10-25 07:37 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\TeamViewer
2015-02-16 06:59 - 2014-05-05 17:53 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-16 06:42 - 2014-05-05 16:55 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-02-16 06:42 - 2014-05-05 16:55 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-16 06:42 - 2014-05-05 16:55 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-16 06:42 - 2014-05-05 14:53 - 00000000 ____D () C:\Users\Bianca\AppData\Local\NVIDIA Corporation
2015-02-16 06:42 - 2014-05-05 14:52 - 00000000 ____D () C:\Users\Bianca\AppData\Local\NVIDIA
2015-02-16 06:38 - 2014-05-03 09:17 - 00000000 ____D () C:\Users\Bianca\AppData\Local\Google
2015-02-15 17:42 - 2013-08-22 15:44 - 04956176 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-15 17:42 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-15 17:14 - 2013-10-08 12:44 - 00000000 ____D () C:\Users\Bianca\Documents\Citavi 4
2015-02-15 16:48 - 2013-04-11 17:26 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\KeePass
2015-02-15 16:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-02-15 16:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-02-15 16:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-02-15 16:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-02-15 16:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-15 16:18 - 2014-05-05 07:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-15 16:14 - 2014-05-05 15:35 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-15 16:06 - 2014-10-18 07:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-15 16:06 - 2014-10-18 07:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-15 16:06 - 2014-09-25 10:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-15 16:06 - 2014-05-05 14:40 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-15 16:05 - 2014-10-18 07:58 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-02-15 16:05 - 2014-10-18 07:58 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-02-15 16:05 - 2014-10-18 07:58 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-02-15 16:05 - 2014-10-18 07:58 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-02-15 15:52 - 2014-08-21 09:51 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-15 15:40 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 15:19 - 2013-05-12 11:00 - 00000132 _____ () C:\Users\Bianca\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-30 14:07 - 2013-08-08 15:12 - 00001456 _____ () C:\Users\Bianca\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2015-01-30 13:26 - 2014-05-03 09:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-30 13:25 - 2014-05-03 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-30 13:25 - 2014-05-03 09:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-30 11:18 - 2014-05-05 16:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-30 11:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help

==================== Files in the root of some directories =======

2013-06-10 18:06 - 2013-06-10 18:06 - 0000132 _____ () C:\Users\Bianca\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2013-05-12 11:00 - 2015-01-30 15:19 - 0000132 _____ () C:\Users\Bianca\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-07-21 17:00 - 2014-07-21 17:02 - 0000096 _____ () C:\Users\Bianca\AppData\Roaming\Camdata.ini
2014-07-21 17:00 - 2014-07-21 17:02 - 0000408 _____ () C:\Users\Bianca\AppData\Roaming\CamLayout.ini
2014-07-21 17:00 - 2014-07-21 17:02 - 0000408 _____ () C:\Users\Bianca\AppData\Roaming\CamShapes.ini
2014-07-21 17:00 - 2014-07-21 17:02 - 0004509 _____ () C:\Users\Bianca\AppData\Roaming\CamStudio.cfg
2014-04-15 17:59 - 2014-04-15 17:59 - 0000268 ___RH () C:\Users\Bianca\AppData\Roaming\Services
2013-12-15 12:46 - 2014-01-17 09:34 - 0000000 _____ () C:\Users\Bianca\AppData\Roaming\Specifications
2014-01-18 20:50 - 2014-02-12 13:21 - 0117381 ____H () C:\Users\Bianca\AppData\Roaming\sync.ffs_db
2013-08-08 15:12 - 2015-01-30 14:07 - 0001456 _____ () C:\Users\Bianca\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2014-11-06 11:31 - 2014-11-06 11:31 - 0000218 _____ () C:\Users\Bianca\AppData\Local\recently-used.xbel
2013-12-25 20:26 - 2013-12-25 20:26 - 0007629 _____ () C:\Users\Bianca\AppData\Local\Resmon.ResmonCfg
2014-01-18 21:30 - 2014-01-18 21:30 - 0296772 ____H () C:\Users\Bianca\AppData\Local\sync.ffs_db
2014-06-02 18:59 - 2014-06-02 18:59 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-09-30 16:59 - 2013-09-30 16:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-03 08:44 - 2012-10-24 20:44 - 0656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall2688720.exe

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-16 08:23

==================== End Of Log ============================
--- --- ---

--- --- ---

Hier auch nochmal die Addition.txt, falls Du die auch benötigst:FRST Additions Logfile:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by Bianca at 2015-02-20 07:22:59
Running from C:\Users\Bianca\Downloads
Boot Mode: Normal

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: - Igor Pavlov)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version:  - )
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: - Avira Operations & Co. KG)
Avira (x32 Version: - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: - Avira)
BeCyPDFMetaEdit (HKLM-x32\...\BeCyPDFMetaEdit) (Version: 2.37.0 - Benjamin Bentmann)
calibre 64bit (HKLM\...\{7A073C16-B3B5-4913-8457-262B6E17947A}) (Version: 2.5.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
EPUB Metadata Editor 1.3.13 (HKLM-x32\...\{C093DB2B-F7B8-4E5A-8E98-626F5486A44B}_is1) (Version:  - Ben Chenoweth)
FileZilla Client (HKLM-x32\...\FileZilla Client) (Version: - Tim Kosse)
FRITZ!Powerline (HKLM-x32\...\{F9C9378B-78D5-4CC0-8683-B7915DFEA9C5}) (Version: 01.00.65 - AVM Berlin)
GrampsAIO64 (HKLM-x32\...\GrampsAIO64) (Version: 3.4.8-1 - The GRAMPS project)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: - Hewlett-Packard)
HP Officejet Pro 8620 - Grundlegende Software für das Gerät (HKLM\...\{F6CE08BC-6929-412E-BB42-A9A7CD9721D7}) (Version: - Hewlett-Packard Co.)
HP Officejet Pro 8620 Hilfe (HKLM-x32\...\{F8E43C63-DFF2-4134-A46C-2A6F00517A35}) (Version: 32.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: - HP)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
LibreOffice (HKLM-x32\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: - The Document Foundation)
Mailbird (HKLM-x32\...\{1B1A925A-7C06-4158-9BEF-E5568FB38276}) (Version: 1.8.12 - Mailbird)
Malwarebytes Anti-Malware Version (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Nuance PDF Reader (HKLM-x32\...\{0017FFDB-F7F3-4058-BCDF-D9204CFBDCB2}) (Version: 8.10.1302 - Nuance Communications, Inc.)
NVIDIA Grafiktreiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
PDF Architect (HKLM-x32\...\{86D8A96B-1911-4C3F-AA16-0B47E053E492}) (Version: - pdfforge GmbH)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.25 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
tax 2015 (HKLM-x32\...\{4CF96070-DEE5-43B5-B6A7-23AC07BC0C77}) (Version: 22.00.8811 - Buhl Data Service GmbH)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Zotero Standalone 4.0.26 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.26 (x86 en-US)) (Version: 4.0.26 - Zotero)

==================== Restore Points  =========================

30-01-2015 11:37:08 Windows Update
15-02-2015 15:36:09 Windows Update
17-02-2015 13:04:43 Installed eM Client

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-05-12 10:31 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AAB60BF-8680-44ED-867E-E32A8CD50DDB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-15] (Adobe Systems Incorporated)
Task: {1B00C651-4115-43EF-A261-E008980E1879} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {203873C3-FED9-4778-97A6-BF40712DEAF3} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)
Task: {29913F00-F2B1-40BA-80CC-C71C05F28768} - System32\Tasks\HP AR Program Upload - c8db0aff26e344ba81f3361d29cba7e54e6eb4298a8a4e5c8c669fb03d1db3b0 => C:\Program Files\HP\HP Officejet Pro 8620\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {30E8D849-4E3B-4ABC-A4AB-C9EA0A872636} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-15] (Microsoft Corporation)
Task: {406E0C8E-9E66-462D-A109-984989044B8E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {79AD7EC0-56B1-43EF-86ED-CCBE81F94506} - System32\Tasks\AdobeAAMUpdater-1.0-AcerNotebook-Bianca => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {7A930001-29FE-4E21-8DDA-E3BA49C176AB} - System32\Tasks\PDF Architect 2 => C:\Program Files (x86)\PDF Architect 2\PDF Architect 2.exe
Task: {D727F8AA-67AA-401F-B38A-7B6A6D4AAAE8} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-04-26] (Acer Incorporate)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

2013-09-30 17:17 - 2013-02-20 21:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-01-24 02:24 - 2014-01-24 02:24 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-01-24 02:21 - 2014-01-24 02:21 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-24 02:27 - 2014-01-24 02:27 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2013-10-10 22:48 - 2013-10-10 22:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-09-30 16:34 - 2013-03-20 08:47 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-09-25 10:12 - 2015-02-15 16:06 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

AlternateDataStreams: C:\Users\Bianca\OneDrive:ms-properties

HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers:

HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "AdobeCS5ServiceManager"
HKLM\...\StartupApproved\Run32: => "Nuance PDF Reader-reminder"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2634663036-1839342411-3565475702-1002\...\StartupApproved\Run: => "CyberGhost"

Bianca (S-1-5-21-2634663036-1839342411-3565475702-1002 - Administrator - Enabled) => C:\Users\Bianca
Gast (S-1-5-21-2634663036-1839342411-3565475702-501 - Limited - Disabled)

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Error: (02/18/2015 00:45:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/18/2015 08:56:14 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/18/2015 08:56:13 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/18/2015 08:56:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/18/2015 08:56:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/18/2015 08:56:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/18/2015 08:56:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/18/2015 08:54:56 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/18/2015 08:54:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/18/2015 08:54:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/20/2015 07:17:20 AM) (Source: DCOM) (EventID: 10010) (User: AcerNotebook)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/20/2015 07:17:02 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (02/19/2015 06:46:37 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (02/18/2015 01:57:39 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (02/18/2015 10:07:36 AM) (Source: DCOM) (EventID: 10010) (User: AcerNotebook)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/18/2015 09:37:42 AM) (Source: DCOM) (EventID: 10010) (User: AcerNotebook)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/18/2015 08:19:46 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.

Error: (02/18/2015 07:00:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (02/17/2015 04:30:09 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/18/2015 08:56:14 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (02/18/2015 08:56:13 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/18/2015 08:56:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll

Error: (02/18/2015 08:56:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll

Error: (02/18/2015 08:56:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll

Error: (02/18/2015 08:56:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdCaps.dll

Error: (02/18/2015 08:54:56 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (02/18/2015 08:54:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/18/2015 08:54:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll

Percentage of memory in use: 23%
Total physical RAM: 8072.27 MB
Available physical RAM: 6199.93 MB
Total Pagefile: 9352.27 MB
Available Pagefile: 7165.43 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

Ran by Bianca at 2015-02-21 15:28:11 Run:1
Running from C:\Users\Bianca\Downloads
Loaded Profiles: Bianca (Available profiles: Bianca)
Boot Mode: Normal

C:\Users\Bianca\AppData\Local\Microsoft\Windows\INetCache\IE\9ZSXZ9VT\VOPackage[1].exe => Moved successfully.
EmptyTemp: => Removed 795.4 MB temporary data.

The system needed a reboot. 

==== End of Fixlog 15:28:45 ====
