ich habe bereits den empfohlenen Scan durchgeführt, siehe unten:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-03-2015 01
Ran by Norbert (administrator) on NORBERT-PC on 08-03-2015 12:59:09
Running from C:\Users\Norbert\Downloads
Loaded Profiles: Norbert (Available profiles: Norbert)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(C-Dilla Ltd) C:\Windows\System32\drivers\CDAC11BA.EXE
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(UNIQA) C:\Program Files\UNIQA\VIPService\VIPService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5513424 2015-03-06] (Avast Software s.r.o.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SDTray] => rem "c:\program files\spybot - search & destroy 2\sdtray.exe"
HKLM\...\Run: [Avira Systray] => c:\program files\avira\my avira\avira.oe.systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\...\MountPoints2: {3f185b13-3f15-11e2-b54a-00238bf67a69} - F:\DPFMate.exe
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\...\MountPoints2: {3f185b2d-3f15-11e2-b54a-00238bf67a69} - G:\DPFMate.exe
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\...\MountPoints2: {651ed203-6c99-11e4-b745-00238bf67a69} - F:\Startme.exe
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\...\MountPoints2: {6fb53fff-0dd4-11e0-a813-00238bf67a69} - F:\Setup.exe
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\...\MountPoints2: {94fb3515-992b-11e1-ac6f-00238bf67a69} - E:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\...\MountPoints2: {be4a688e-5602-11e4-a871-00238bf67a69} - F:\Startme.exe
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk
ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1418551854&from=cvs2&uid=HitachiXHTS545025B9A300_090808PB4206QSJA1XWAX
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^man000^YYA^&ptb=AD00C554-0FFF-46C3-9918-7F98868B9CF5&ind=2014103117&n=780cc64d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_frmr_14_20_ie&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtB0A0EtD0F0BtBtB0CzytN0D0Tzu0SzzyCzztN1L2XzutBtFtBtDtFtCtAtFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0Bzy0E0ByEtCyBtGyByByCtBtGtD0B0DzytG0DyEzy0AtGyDyD0C0EyBtC0A0CtAtBtBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EyCtA0FyB0FyEtG0A0E0EtAtG0E0F0FyBtG0CyEyD0BtGtA0EyCzy0BtDtA0AtCzyzzyD2Q&cr=2002027499&ir=
SearchScopes: HKLM -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm065^YYA^at&si=flvrunner&ptb=5D93837E-53C2-4E70-BB82-266EE7848008&ind=2013073106&n=77fd0ed2&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^man000^YYA^&ptb=AD00C554-0FFF-46C3-9918-7F98868B9CF5&ind=2014103117&n=780cc64d&psa=&st=sb&searchfor={searchTerms}
BHO: CBAbzockschutz.InitToolbarBHO -> {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-06] (Avast Software s.r.o.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2014-09-04] (LastPass)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKLM - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2014-09-04] (LastPass)
Toolbar: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> No Name - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} -  No File
Toolbar: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} -  No File
Toolbar: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: schmap-help - No CLSID Value -  []
Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 15 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\p41lyn23.default
FF Homepage: hxxp://www.google.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass64.dll [2014-09-04] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2427394065-3725693352-322908783-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Norbert\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-2427394065-3725693352-322908783-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Norbert\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF SearchPlugin: C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\p41lyn23.default\searchplugins\c7427947-d59e-4bfe-a111-28cf88faa484.xml [2013-02-10]
FF Extension: Amazon-Icon - C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\p41lyn23.default\Extensions\amazon-icon@giga.de [2014-06-06]
FF Extension: LastPass - C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\p41lyn23.default\Extensions\support@lastpass.com [2014-09-04]
FF Extension: Preispilot - C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\p41lyn23.default\Extensions\extension@preispilot.com.xpi [2013-02-10]
FF Extension: Adblock Plus - C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\p41lyn23.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-04]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-24]
FF HKU\S-1-5-21-2427394065-3725693352-322908783-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-24]
CHR Extension: (Google Docs) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-24]
CHR Extension: (Google Drive) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-24]
CHR Extension: (YouTube) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-24]
CHR Extension: (Google Search) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-24]
CHR Extension: (Google Sheets) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-24]
CHR Extension: (Avira Browser Safety) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-24]
CHR Extension: (Avast Online Security) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-24]
CHR Extension: (Google Wallet) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-24]
CHR Extension: (Gmail) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-07]

Opera: 
=======
OPR Extension: (No Name) - C:\Users\Norbert\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2014-11-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-06] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-06] (Avast Software)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 C-DillaCdaC11BA; C:\Windows\system32\drivers\CDAC11BA.EXE [39936 2010-08-28] (C-Dilla Ltd) [File not signed]
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6079848 2015-01-14] (Reimage®)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
R2 VIPService; C:\Program Files\UNIQA\VIPService\VIPService.exe [80624 2011-09-26] (UNIQA) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015x\RpcAgentSrv.exe [X]
S2 SDScannerService; "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" [X]
S2 SDUpdateService; "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" [X]
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-03-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-06] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427480 2015-03-06] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-03-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206976 2015-03-06] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3310592 2014-11-09] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-07] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2010-08-16] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2010-08-16] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-31] (Avira GmbH)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-10-01] (RapidSolution Software AG)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-06-23] (TuneUp Software)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-06] (Avast Software)
S3 cpuz134; \??\C:\Users\Norbert\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015x\WNt600x86\Sandra.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 12:59 - 2015-03-08 12:59 - 00021079 _____ () C:\Users\Norbert\Downloads\FRST.txt
2015-03-08 12:58 - 2015-03-08 12:59 - 00000000 ____D () C:\FRST
2015-03-08 12:57 - 2015-03-08 12:57 - 01134592 _____ (Farbar) C:\Users\Norbert\Downloads\FRST.exe
2015-03-08 12:56 - 2015-03-08 12:56 - 00000000 _____ () C:\Users\Norbert\defogger_reenable
2015-03-08 12:54 - 2015-03-08 12:54 - 00000248 _____ () C:\Users\Norbert\Downloads\defogger_enable.log
2015-03-08 12:52 - 2015-03-08 12:53 - 00050477 _____ () C:\Users\Norbert\Downloads\Defogger(2).exe
2015-03-08 12:48 - 2015-03-08 12:56 - 00000476 _____ () C:\Users\Norbert\Downloads\defogger_disable.log
2015-03-08 12:46 - 2015-03-08 12:46 - 00050477 _____ () C:\Users\Norbert\Downloads\Defogger(1).exe
2015-03-08 12:45 - 2015-03-08 12:46 - 00050477 _____ () C:\Users\Norbert\Downloads\Defogger.exe
2015-03-07 22:09 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-03-07 22:08 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-03-07 22:08 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-03-07 22:08 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-03-07 19:19 - 2015-03-07 19:19 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-07 19:19 - 2015-03-07 19:19 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-07 19:19 - 2015-03-07 19:19 - 00000000 ___DC () C:\Program Files\Mozilla Maintenance Service
2015-03-07 19:04 - 2015-03-07 19:04 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\AVAST Software
2015-03-07 18:25 - 2015-03-06 22:37 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-07 17:46 - 2015-03-07 17:56 - 00002888 _____ () C:\Users\Norbert\Desktop\Windows-Kompatibilitätsbericht.htm
2015-03-07 12:10 - 2015-03-07 12:11 - 00000000 ____D () C:\ProgramData\Reimage Protector
2015-03-07 12:09 - 2015-03-07 12:32 - 00000000 ___DC () C:\Program Files\Reimage
2015-03-07 12:09 - 2015-03-07 12:12 - 00000000 ____D () C:\rei
2015-03-07 11:20 - 2014-12-21 11:43 - 00094371 ____N () C:\Windows\system32\athwb.cat
2015-03-07 11:20 - 2014-12-11 21:47 - 03247104 ____N (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\athwb.sys
2015-03-07 11:20 - 2014-11-24 12:37 - 00092290 ____N () C:\Windows\system32\athrext.cat
2015-03-07 11:20 - 2014-11-09 19:10 - 03310592 ____N (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\athr.sys
2015-03-07 11:20 - 2014-11-09 19:10 - 03310592 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athr.sys
2015-03-07 11:19 - 2015-03-07 11:21 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2015-03-07 11:15 - 2015-03-07 11:18 - 00000000 ____D () C:\Users\Norbert\Downloads\Atheros AR5B91 Wireless Network Adapter 125773d8e5e369236226a85ec4973f81
2015-03-07 11:11 - 2015-03-07 11:11 - 00000000 ____D () C:\backup
2015-03-07 11:09 - 2015-03-07 11:09 - 00061100 _____ () C:\Users\Norbert\PCHA-Log-07-03-15-11-09-02.zip
2015-03-07 11:05 - 2015-03-08 12:30 - 00000474 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-03-07 11:05 - 2015-03-07 17:19 - 00000422 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2015-03-07 11:05 - 2015-03-07 11:50 - 00000448 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2015-03-07 11:05 - 2015-03-07 11:25 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-03-07 11:05 - 2015-03-07 11:05 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\ParetoLogic
2015-03-07 11:05 - 2015-03-07 11:05 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2015-03-07 09:24 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-03-06 22:38 - 2015-03-07 18:26 - 00002003 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-06 22:37 - 2015-03-06 22:37 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-06 21:41 - 2015-03-06 21:41 - 00000000 ___DC () C:\Program Files\Reference Assemblies
2015-03-06 21:41 - 2015-03-06 21:41 - 00000000 ___DC () C:\Program Files\MSBuild
2015-03-06 21:41 - 2015-03-06 21:41 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-03-06 17:15 - 2015-03-06 19:44 - 00282338 _____ () C:\Users\Norbert\Documents\Systembericht.txt
2015-03-06 17:08 - 2015-03-07 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
2015-03-06 17:08 - 2015-03-06 21:49 - 14454784 _____ () C:\Users\Norbert\AppData\Roaming\Sandra.mdb
2015-03-06 17:07 - 2015-03-07 12:36 - 00000000 ___DC () C:\Program Files\SiSoftware
2015-03-06 10:52 - 2015-03-06 10:52 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2015-03-06 09:38 - 2015-03-06 09:43 - 02288552 _____ () C:\Users\Norbert\Documents\zuverlässigkeit.XML
2015-03-06 01:25 - 2015-03-06 01:25 - 00000000 ____D () C:\AVAST Software
2015-03-05 15:35 - 2015-03-06 12:23 - 00000000 ____D () C:\Users\Norbert\Desktop\Neuer Ordner (2)
2015-03-05 15:34 - 2015-03-07 10:53 - 00000000 ____D () C:\Users\Norbert\Desktop\Windows Berater
2015-03-05 13:13 - 2015-03-06 01:18 - 00000000 ____D () C:\Users\Norbert\Downloads\Omnimo 6.0.5
2015-03-05 12:36 - 2015-03-05 12:36 - 00000000 ____D () C:\Users\Norbert\Desktop\Neuer Ordner
2015-02-27 20:31 - 2015-02-27 20:31 - 02126848 _____ () C:\Users\Norbert\Downloads\adwcleaner_4.111.exe
2015-02-27 19:46 - 2015-02-27 19:48 - 06340808 _____ (SpeedMaxPc) C:\Users\Norbert\Downloads\SpeedMaxpc_installer_de.exe
2015-02-27 17:04 - 2012-04-03 10:04 - 09462335 ____N () C:\Users\Norbert\Downloads\VirtualBox.exe
2015-02-27 16:53 - 2015-03-06 13:27 - 00000000 ____D () C:\Users\Norbert\Downloads\windows_8-toolbox (1)
2015-02-27 16:42 - 2015-03-07 21:18 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-27 16:42 - 2015-03-06 14:49 - 00001076 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-27 16:42 - 2015-03-06 14:49 - 00000000 ___DC () C:\Program Files\ Malwarebytes Anti-Malware 
2015-02-27 16:42 - 2015-03-06 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-27 16:42 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-27 16:42 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-27 16:42 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-27 16:38 - 2015-02-27 16:41 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Norbert\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-02-27 16:38 - 2015-02-27 16:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Norbert\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-26 19:44 - 2015-02-26 19:50 - 00000000 ___RD () C:\Users\Norbert\Downloads\Informationen_Kontobewegung_februar_2015 (1)
2015-02-26 18:06 - 2015-03-06 13:27 - 00000000 ____D () C:\Users\Norbert\Downloads\windows_8-toolbox
2015-02-25 21:31 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-25 21:31 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-25 21:31 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-25 08:00 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 20:46 - 2015-03-06 13:18 - 00000000 ___DC () C:\Program Files\VS Revo Group
2015-02-24 20:46 - 2015-02-24 20:46 - 00001240 _____ () C:\Users\Norbert\Desktop\Revo Uninstaller.lnk
2015-02-24 20:45 - 2015-02-24 20:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Norbert\Downloads\revosetup95.exe
2015-02-24 20:20 - 2015-03-07 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-24 20:18 - 2015-03-06 22:38 - 00427480 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-02-24 20:18 - 2015-03-06 22:38 - 00206976 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-24 20:18 - 2015-03-06 22:38 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-02-24 20:18 - 2015-03-06 22:38 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-24 20:18 - 2015-03-06 22:38 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-02-24 20:18 - 2015-03-06 22:38 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-24 20:18 - 2015-03-06 22:38 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-24 20:18 - 2015-03-06 22:37 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-02-24 20:17 - 2015-03-07 18:16 - 00000000 ___DC () C:\Program Files\AVAST Software
2015-02-24 20:15 - 2015-02-24 20:15 - 00000000 ____D () C:\Users\Norbert\Downloads\avast_free_antivirus_setup (4)
2015-02-24 19:52 - 2015-02-24 19:55 - 132469808 _____ (AVAST Software) C:\Users\Norbert\Downloads\avast_free_antivirus_setup (3).exe
2015-02-24 19:52 - 2015-02-24 19:55 - 132469808 _____ (AVAST Software) C:\Users\Norbert\Downloads\avast_free_antivirus_setup (2).exe
2015-02-24 19:52 - 2015-02-24 19:53 - 132469808 _____ (AVAST Software) C:\Users\Norbert\Downloads\avast_free_antivirus_setup (4).exe
2015-02-24 18:44 - 2015-02-24 18:44 - 00000000 ____D () C:\Users\Norbert\Downloads\spacesniffer_1_2_0_2
2015-02-24 18:12 - 2015-02-24 18:12 - 06848648 _____ (JAM Software ) C:\Users\Norbert\Downloads\TreeSizeFreeSetup330.exe
2015-02-24 17:40 - 2015-02-24 17:41 - 02960081 _____ () C:\Users\Norbert\Downloads\Autostart-Manager64_Setup.exe
2015-02-24 15:00 - 2015-02-24 15:00 - 00001134 _____ () C:\Users\Norbert\Desktop\Weidling Beweissicherung - Verknüpfung.lnk
2015-02-24 14:49 - 2015-03-07 12:39 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-24 14:49 - 2015-03-07 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-24 14:49 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-02-24 14:47 - 2015-02-24 14:47 - 00000000 ____D () C:\Users\Norbert\Downloads\Free_Commander_v2009_02b
2015-02-24 14:47 - 2015-02-24 14:47 - 00000000 ____D () C:\Users\Norbert\Downloads\DirectoryListPrintDE_v3_8
2015-02-24 14:43 - 2015-02-24 14:46 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Norbert\Downloads\spybot-2.4.exe
2015-02-24 14:39 - 2015-02-24 14:41 - 03788928 _____ (Ghisler Software GmbH) C:\Users\Norbert\Downloads\tcmd851ax32.exe
2015-02-24 13:11 - 2014-02-27 12:56 - 00000000 ____D () C:\Users\Norbert\Downloads\Free Commander
2015-02-24 13:05 - 2015-03-06 13:27 - 00000000 ___DC () C:\Program Files\Windows 7-Geschenk-DVD
2015-02-24 13:05 - 2015-03-06 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7-Geschenk-DVD
2015-02-24 13:05 - 2015-03-06 13:25 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\Windows 7-Geschenk-DVD
2015-02-24 13:05 - 2015-02-24 13:05 - 00002047 _____ () C:\Users\Norbert\Desktop\Windows 7-Geschenk-DVD.lnk
2015-02-20 21:42 - 2015-02-20 21:42 - 00000000 ____D () C:\Windows\Crystal
2015-02-20 21:42 - 2015-02-20 21:42 - 00000000 ____D () C:\MEINHAUSPLANER
2015-02-20 21:42 - 2010-10-13 05:43 - 00882608 _____ (Codejock Software) C:\Windows\system32\Codejock.TaskPanel.v13.4.2.ocx
2015-02-20 21:42 - 2010-10-13 05:42 - 01370032 _____ (Codejock Software) C:\Windows\system32\Codejock.ReportControl.v13.4.2.ocx
2015-02-20 21:42 - 2006-04-06 17:13 - 01276088 _____ (Codejock Software) C:\Windows\system32\Codejock.CommandBars.v10.1.ocx
2015-02-20 21:42 - 2006-04-06 17:13 - 00338104 _____ (Codejock Software) C:\Windows\system32\Codejock.TaskPanel.v10.1.ocx
2015-02-20 21:42 - 2006-04-06 16:13 - 00460984 _____ (Codejock Software) C:\Windows\system32\Codejock.ReportControl.v10.1.ocx
2015-02-20 21:42 - 2004-04-27 14:47 - 00167176 _____ (/n software inc. - www.nsoftware.com) C:\Windows\system32\ftps60.ocx
2015-02-20 21:42 - 2003-02-07 13:18 - 00326656 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltvec12n.ocx
2015-02-20 21:42 - 2003-02-07 13:18 - 00176128 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltlst12n.ocx
2015-02-20 21:42 - 2003-02-07 13:18 - 00094208 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltodb12n.ocx
2015-02-20 21:42 - 2003-02-07 13:17 - 00140288 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lttmb12n.ocx
2015-02-20 21:42 - 2003-02-07 13:16 - 00340480 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTDLG12n.ocx
2015-02-20 21:42 - 2003-02-07 13:04 - 00181248 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lfpng12n.dll
2015-02-20 21:42 - 2003-02-07 13:02 - 00182272 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltvid12n.dll
2015-02-20 21:42 - 2003-02-07 13:02 - 00049664 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lfwmf12n.dll
2015-02-20 21:42 - 2003-02-07 13:02 - 00047104 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfXpm12n.dll
2015-02-20 21:42 - 2003-02-07 13:02 - 00045568 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfXbm12n.dll
2015-02-20 21:42 - 2003-02-07 13:02 - 00026112 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfxwd12n.dll
2015-02-20 21:42 - 2003-02-07 13:02 - 00020992 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfwpg12n.dll
2015-02-20 21:42 - 2003-02-07 13:02 - 00020992 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lftga12n.dll
2015-02-20 21:42 - 2003-02-07 13:02 - 00019968 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfwfx12n.dll
2015-02-20 21:42 - 2003-02-07 13:02 - 00019456 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfras12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00102400 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfmpg12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00089088 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfjbg12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00084480 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lffpx12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00063488 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lfplt12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00060416 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lfpct12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00048128 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfica12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00038912 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfflc12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00037888 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfeps12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00036864 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfpsd12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00035328 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfgif12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00031744 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lflmb12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00031232 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LFPNM12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00029184 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lflma12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00027648 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfiff12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00026112 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfpcx12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00020992 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfimg12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00019968 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfpcd12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00019968 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfitg12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00019456 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfmsp12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00018944 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfmac12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00482816 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfdwf12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00215552 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lvkrn12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00139264 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lfdxf12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00067584 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfdwg12N.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00058880 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lfcgm12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00049152 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltlst12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00047616 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lfdgn12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00046080 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lfdrw12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00035840 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfcal12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00032256 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lttmb12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00030720 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfbmp12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00028672 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfclp12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00026112 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfani12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00023040 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfawd12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00021504 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfCUT12n.dll
2015-02-20 21:42 - 2003-02-07 12:59 - 00307712 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTDLG12n.dll
2015-02-20 21:42 - 2003-02-07 12:59 - 00062464 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltnet12n.dll
2015-02-20 21:42 - 2003-02-07 12:59 - 00053248 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltcap12n.dll
2015-02-20 21:42 - 2003-02-07 12:14 - 00630272 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTOCX12n.ocx
2015-02-20 21:42 - 2003-02-07 12:03 - 00358912 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LFCMP12n.DLL
2015-02-20 21:42 - 2003-02-07 12:02 - 00141312 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LFTIF12n.DLL
2015-02-20 21:42 - 2003-02-07 12:00 - 00073728 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LFFAX12n.DLL
2015-02-20 21:42 - 2003-02-07 11:59 - 00208384 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTEFX12n.dll
2015-02-20 21:42 - 2003-02-07 11:59 - 00164864 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTIMG12n.dll
2015-02-20 21:42 - 2003-02-07 11:59 - 00035840 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTTWN12n.dll
2015-02-20 21:42 - 2003-02-07 11:58 - 00388096 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTKRN12n.dll
2015-02-20 21:42 - 2003-02-07 11:58 - 00259584 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTDIS12n.dll
2015-02-20 21:42 - 2003-02-07 11:58 - 00131072 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTFIL12n.dll
2015-02-20 21:42 - 2003-01-24 15:59 - 00018944 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfavi12n.dll
2015-02-20 21:42 - 2002-08-23 16:50 - 00204800 _____ () C:\Windows\system32\NumX.ocx
2015-02-20 21:42 - 2002-06-27 11:36 - 00598016 _____ (Key Company) C:\Windows\system32\KeyTV3.ocx
2015-02-20 21:42 - 2000-12-16 20:45 - 00032768 _____ () C:\Windows\system32\WKAuxil.dll
2015-02-20 21:42 - 2000-10-12 20:46 - 00220160 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltvid12n.ocx
2015-02-20 21:42 - 2000-10-12 20:45 - 00160256 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltnet12n.ocx
2015-02-20 21:42 - 2000-10-12 20:44 - 00176128 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltcap12n.ocx
2015-02-20 21:42 - 2000-10-12 20:19 - 00158208 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lvdlg12n.dll
2015-02-20 21:42 - 2000-05-02 03:17 - 00212480 _____ (Eastman Kodak) C:\Windows\system32\PCDLIB32.DLL
2015-02-20 21:42 - 2000-04-12 15:28 - 00118784 _____ () C:\Windows\system32\lfkodak.dll
2015-02-20 21:42 - 2000-04-12 15:24 - 00338944 _____ () C:\Windows\system32\lffpx7.dll
2015-02-20 21:42 - 2000-02-10 09:46 - 00745472 _____ (Seagate Software, Inc.) C:\Windows\system32\crpe32_res_de.dll
2015-02-20 21:42 - 2000-02-03 03:16 - 00507904 _____ (Seagate Software) C:\Windows\system32\crviewer.dll
2015-02-20 21:42 - 2000-02-02 00:48 - 00036864 _____ (Seagate Software, Inc) C:\Windows\system32\p3smnde.dll
2015-02-20 21:42 - 2000-02-02 00:48 - 00036864 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p3sodde.dll
2015-02-20 21:42 - 2000-02-01 12:49 - 00848376 _____ (APEX Software Corporation) C:\Windows\system32\tdbl6.ocx
2015-02-20 21:42 - 2000-02-01 12:49 - 00242144 _____ (Apex Software Corporation) C:\Windows\system32\tdbgpp.dll
2015-02-20 21:42 - 2000-02-01 11:49 - 00106984 _____ (Apex Software Corporation) C:\Windows\system32\xarraydb.ocx
2015-02-20 21:42 - 2000-01-28 08:16 - 05550080 _____ (Seagate Software, Inc.) C:\Windows\system32\craxdrt.dll
2015-02-20 21:42 - 2000-01-28 08:16 - 05337088 _____ (Seagate Software, Inc.) C:\Windows\system32\crpe32.dll
2015-02-20 21:42 - 2000-01-27 04:05 - 00270336 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2sodbc.dll
2015-02-20 21:42 - 2000-01-14 04:58 - 00544768 _____ (Seagate Software, Inc.) C:\Windows\system32\exlate32.dll
2015-02-20 21:42 - 2000-01-11 08:10 - 00442368 _____ (Seagate Software, Inc) C:\Windows\system32\cpeaut32.dll
2015-02-20 21:42 - 2000-01-11 00:09 - 00618496 _____ (Seagate Software) C:\Windows\system32\crpaig80.dll
2015-02-20 21:42 - 2000-01-07 01:15 - 00040960 _____ (Seagate Software, Inc) C:\Windows\system32\cdo32.dll
2015-02-20 21:42 - 1999-12-15 00:17 - 00147456 _____ (Seagate Software, Inc) C:\Windows\system32\p2smon.dll
2015-02-20 21:42 - 1999-12-08 02:59 - 00024576 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p3rdode.dll
2015-02-20 21:42 - 1999-12-08 02:59 - 00024576 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p3ddode.dll
2015-02-20 21:42 - 1999-12-07 00:31 - 00094208 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2sevt.dll
2015-02-20 21:42 - 1999-12-07 00:31 - 00094208 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2bdao.dll
2015-02-20 21:42 - 1999-12-07 00:31 - 00061440 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2irdao.dll
2015-02-20 21:42 - 1999-12-07 00:31 - 00053248 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2ctdao.dll
2015-02-20 21:42 - 1999-12-07 00:31 - 00023040 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2bbnd.dll
2015-02-20 21:42 - 1999-12-07 00:31 - 00017920 _____ () C:\Windows\system32\implode.dll
2015-02-20 21:42 - 1999-12-06 11:47 - 00851420 _____ (Seagate Software, Inc.) C:\Windows\system32\crystl32.ocx
2015-02-20 21:42 - 1999-12-01 03:15 - 00004096 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p3dbdde.dll
2015-02-20 21:42 - 1999-11-15 06:53 - 00036864 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p3sevde.dll
2015-02-20 21:42 - 1999-11-08 06:15 - 00020480 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p3tdode.dll
2015-02-20 21:42 - 1999-10-22 07:33 - 00565760 _____ (Microsoft Corporation) C:\Windows\system32\Msvcp50.dll
2015-02-20 21:42 - 1999-06-07 12:59 - 00801464 _____ (APEX Software Corporation) C:\Windows\system32\tdbg6.ocx
2015-02-20 21:42 - 1999-05-07 01:00 - 00414944 _____ (Microsoft Corporation ) C:\Windows\system32\Comct332.ocx
2015-02-20 21:42 - 1999-05-07 01:00 - 00198640 _____ (Microsoft Corporation) C:\Windows\system32\Mci32.ocx
2015-02-20 21:42 - 1999-05-07 01:00 - 00082960 _____ (Microsoft Corporation) C:\Windows\system32\PicClp32.ocx
2015-02-20 21:42 - 1998-10-30 03:02 - 00595968 _____ (KL Group Inc.) C:\Windows\system32\Resizer.dll
2015-02-20 21:42 - 1998-10-30 03:02 - 00187904 _____ (KL Group Inc.) C:\Windows\system32\ResizerPPG.ocx
2015-02-20 21:42 - 1998-10-30 03:02 - 00132608 _____ (KL Group Inc.) C:\Windows\system32\ResizableControl.dll
2015-02-20 21:42 - 1998-10-30 03:02 - 00058880 _____ (KL Group Inc.) C:\Windows\system32\ResizableControlPPG.ocx
2015-02-20 21:42 - 1998-07-06 01:00 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Mscc2de.dll
2015-02-20 21:42 - 1998-07-06 01:00 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\MSComDE.dll
2015-02-20 21:42 - 1998-06-24 01:00 - 00103744 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMM32.OCX
2015-02-20 21:42 - 1998-06-18 01:00 - 00299008 _____ (Microsoft Corporation) C:\Windows\system32\MSDBRPTR.DLL
2015-02-20 21:42 - 1998-04-24 01:00 - 00005807 _____ () C:\Windows\system32\MSCALDEU.TLB
2015-02-20 21:42 - 1998-04-24 00:00 - 00250128 _____ (Microsoft Corporation) C:\Windows\system32\Mspdox35.dll
2015-02-20 21:42 - 1998-04-24 00:00 - 00250128 _____ (Microsoft Corporation) C:\Windows\system32\Msexcl35.dll
2015-02-20 21:42 - 1998-04-24 00:00 - 00166160 _____ (Microsoft Corporation) C:\Windows\system32\Msltus35.dll
2015-02-20 21:42 - 1998-04-24 00:00 - 00165648 _____ (Microsoft Corporation) C:\Windows\system32\Mstext35.dll
2015-02-20 21:42 - 1997-07-30 12:47 - 00099866 _____ (Microsoft Corporation) C:\Windows\system32\VB5DE.dll
2015-02-20 21:42 - 1997-01-10 21:37 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\ddao35.dll
2015-02-20 21:41 - 2015-02-20 22:00 - 00000000 ____D () C:\Program Files\Common Files\BAUSET
2015-02-20 21:41 - 1998-06-17 01:00 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\MFC42LOC.DLL
2015-02-20 21:41 - 1997-09-04 09:37 - 03782416 _____ () C:\Windows\system32\mso97.dll
2015-02-20 21:38 - 2013-02-15 17:31 - 00000000 ____D () C:\Users\Norbert\Downloads\mHpl Frei 50
2015-02-19 09:26 - 2015-02-19 09:26 - 00000000 ____D () C:\Users\Norbert\eTeks
2015-02-18 15:07 - 2015-03-07 18:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-18 15:06 - 2015-02-18 15:07 - 132469808 _____ (AVAST Software) C:\Users\Norbert\Downloads\avast_free_antivirus_setup (1).exe
2015-02-18 15:04 - 2015-02-18 15:05 - 132469808 _____ (AVAST Software) C:\Users\Norbert\Downloads\avast_free_antivirus_setup.exe
2015-02-18 14:46 - 2015-02-18 14:46 - 00000000 ____D () C:\Windows\system32\directx
2015-02-18 14:45 - 2015-02-18 14:47 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rigs of Rods 0.38.67
2015-02-18 14:45 - 2015-02-18 14:45 - 00000000 ____D () C:\Users\Norbert\Documents\Rigs of Rods 0.38
2015-02-18 14:44 - 2015-02-18 14:47 - 00000000 ___DC () C:\Program Files\Rigs of Rods 0.38
2015-02-18 14:42 - 2015-02-18 14:43 - 139017086 _____ (www.rigsofrods.com) C:\Users\Norbert\Downloads\RoR-Setup-0.38.67.exe
2015-02-17 06:50 - 2015-02-17 06:50 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\SuperEasy Software
2015-02-16 13:45 - 2015-02-16 13:45 - 00011919 _____ () C:\Users\Norbert\Documents\Mayerbrugger Masse.xlsx
2015-02-15 20:56 - 2015-02-17 07:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigel
2015-02-15 11:54 - 2004-12-07 11:11 - 00258352 _____ (Microsoft Corporation) C:\Windows\system32\unicows.dll
2015-02-12 21:24 - 2015-03-07 19:03 - 00576970 _____ () C:\Windows\PFRO.log
2015-02-12 16:34 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 16:34 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 19:47 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 19:47 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 19:47 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 19:47 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 19:47 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 19:47 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 19:47 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 19:47 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 19:47 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 19:47 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 19:47 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 19:47 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 19:47 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 19:46 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 19:46 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 19:46 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 19:46 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 19:46 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 19:46 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 19:46 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 19:46 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 19:46 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 19:46 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 19:46 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 19:45 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 19:45 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 19:45 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 19:45 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 19:45 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 19:45 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 19:45 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 19:45 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 19:45 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 19:45 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 19:45 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 19:45 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 19:45 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 19:45 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 19:45 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 19:45 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 19:45 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 19:45 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 19:45 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 19:45 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 19:45 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 19:45 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 19:45 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 19:45 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 19:45 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 19:45 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 19:45 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 19:45 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 19:45 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 19:45 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 19:45 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 19:45 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 19:45 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 19:45 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 19:45 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 19:45 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 19:45 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 19:45 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 19:26 - 2015-03-08 12:31 - 00008432 _____ () C:\Windows\error.log
2015-02-11 19:26 - 2015-03-08 12:30 - 00003808 _____ () C:\Windows\setupact.log
2015-02-11 19:26 - 2015-03-08 12:30 - 00001890 _____ () C:\Windows\errord.log
2015-02-11 19:26 - 2015-02-11 19:26 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-10 14:03 - 2015-02-26 21:28 - 00000000 ____D () C:\ProgramData\16a379cb768f4632acbd7bc4c211ef27
2015-02-10 14:03 - 2015-02-10 14:03 - 00000000 ____D () C:\ProgramData\ca7f1237741e43bb9b5f364c67c93027
2015-02-10 14:03 - 2015-02-07 21:45 - 00318616 _____ (Over the Rainbow Tech) C:\Windows\system32\ColorMedia.dll
2015-02-10 14:03 - 2014-07-16 10:24 - 00036664 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2015-02-10 14:03 - 2014-07-16 10:24 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2015-02-10 14:02 - 2015-02-10 14:02 - 00002161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2015-02-10 14:02 - 2015-02-10 14:02 - 00000000 ____D () C:\Users\Norbert\AppData\Local\TuneUp Software
2015-02-10 14:02 - 2015-02-10 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
2015-02-10 14:01 - 2015-02-23 15:02 - 00000000 ___DC () C:\Program Files\TuneUp Utilities 2014
2015-02-10 13:59 - 2015-03-07 10:29 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-06 13:24 - 2015-02-06 13:24 - 00001147 _____ () C:\Users\Public\Desktop\YouTube Song Downloader.lnk
2015-02-06 13:24 - 2015-02-06 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Song Downloader

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 12:56 - 2010-05-27 18:29 - 00000000 ____D () C:\Users\Norbert
2015-03-08 12:47 - 2011-06-06 21:30 - 594387968 _____ () C:\Users\Norbert\Documents\Outlook.pst
2015-03-08 12:47 - 2009-07-14 05:34 - 00020992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 12:47 - 2009-07-14 05:34 - 00020992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 12:44 - 2011-02-02 22:46 - 01636386 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 12:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-08 12:30 - 2010-07-04 20:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-08 12:30 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-07 22:12 - 2014-11-06 19:47 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2427394065-3725693352-322908783-1001UA.job
2015-03-07 22:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-07 21:29 - 2012-04-16 00:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-07 21:16 - 2010-07-04 20:01 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-07 21:04 - 2010-06-01 10:37 - 00000000 ____D () C:\Program Files\Google
2015-03-07 19:20 - 2012-10-03 08:39 - 00000000 ____D () C:\Users\Norbert\AppData\Local\Mozilla
2015-03-07 19:19 - 2013-01-19 21:53 - 00000000 ___DC () C:\Program Files\Mozilla Firefox
2015-03-07 18:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-03-07 18:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-03-07 18:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-03-07 12:44 - 2013-02-16 09:31 - 00000000 ___DC () C:\Program Files\JAM Software
2015-03-07 12:44 - 2013-02-16 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2015-03-07 12:41 - 2012-05-18 09:04 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\GHISLER
2015-03-07 12:24 - 2010-08-28 18:58 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-07 12:12 - 2014-11-14 18:33 - 00000158 _____ () C:\Windows\Reimage.ini
2015-03-07 11:58 - 2014-09-20 09:51 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-03-07 11:23 - 2010-05-27 18:32 - 01630572 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-06 22:44 - 2011-01-17 15:26 - 00000000 ___DC () C:\Log
2015-03-06 17:12 - 2014-11-06 19:47 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2427394065-3725693352-322908783-1001Core.job
2015-03-06 16:44 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-03-06 14:29 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-06 13:34 - 2014-08-05 09:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-06 13:33 - 2013-07-31 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-06 13:27 - 2014-04-30 20:29 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2015-03-06 13:27 - 2013-04-15 14:36 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\Spamihilator
2015-03-06 13:25 - 2014-10-30 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-03-06 13:25 - 2014-10-30 16:43 - 00000000 ___DC () C:\Program Files\Sony
2015-03-06 13:25 - 2014-10-17 16:52 - 00000000 ___DC () C:\Program Files\Sony Mobile
2015-03-06 13:25 - 2014-10-17 16:52 - 00000000 ____D () C:\ProgramData\Sony Mobile
2015-03-06 13:25 - 2013-08-10 20:21 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\Opera Software
2015-03-06 13:25 - 2012-11-25 22:03 - 00000000 ____D () C:\Users\Norbert\Desktop\Bilder
2015-03-06 13:25 - 2010-05-31 13:59 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\Ahnenblatt
2015-03-06 13:24 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-03-06 13:20 - 2014-11-01 07:56 - 00000000 ____D () C:\Users\Norbert\Desktop\Friaul
2015-03-06 13:19 - 2010-03-12 10:21 - 00000000 ____D () C:\Users\Norbert Fohr\AppData\Roaming\IObit
2015-03-06 13:19 - 2009-01-31 19:19 - 00000000 ____D () C:\Users\Norbert Fohr\AppData\Roaming\OpenOffice.org
2015-03-06 13:19 - 2008-12-08 15:50 - 00000000 ____D () C:\Users\Norbert Fohr\AppData\Local\IM
2015-03-06 13:19 - 2007-08-20 17:39 - 00000000 ____D () C:\Users\Norbert Fohr\AppData\Roaming\Mozilla
2015-03-06 13:19 - 2007-08-20 17:39 - 00000000 ____D () C:\Users\Norbert Fohr\AppData\Local\Mozilla
2015-03-06 13:19 - 2007-04-02 21:58 - 00000000 ____D () C:\Users\Norbert Fohr\AppData\Roaming\CyberLink
2015-03-06 13:19 - 2007-03-26 15:30 - 00000000 ____D () C:\Users\Norbert Fohr\AppData\Roaming\Adobe
2015-03-06 13:19 - 2007-03-26 15:30 - 00000000 ____D () C:\Users\Norbert Fohr\AppData\Local\Adobe
2015-03-06 13:19 - 2007-03-26 10:35 - 00000000 ____D () C:\Users\Norbert Fohr\Documents\Privat
2015-03-06 13:19 - 2007-03-26 09:37 - 00000000 ____D () C:\Users\Norbert Fohr\AppData\Local\VirtualStore
2015-03-06 13:19 - 2007-03-26 09:37 - 00000000 ____D () C:\Users\Norbert Fohr
2015-03-06 13:16 - 2013-07-31 11:14 - 00000000 ___DC () C:\Program Files\Avira
2015-03-06 12:46 - 2013-08-10 20:21 - 00000000 ____D () C:\Users\Norbert\AppData\Local\Opera Software
2015-03-06 10:10 - 2013-02-13 21:48 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\JAM Software
2015-03-03 16:34 - 2013-03-03 13:49 - 00039424 ___SH () C:\Users\Norbert\Thumbs.db
2015-02-27 21:52 - 2014-12-19 13:23 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\AllDup
2015-02-27 20:36 - 2014-06-14 11:29 - 00000000 ____D () C:\AdwCleaner
2015-02-27 20:26 - 2015-01-13 15:42 - 00000000 ____D () C:\ProgramData\SpeedMaxPc
2015-02-27 17:58 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-02-26 12:22 - 2014-12-20 20:04 - 00000000 ____D () C:\Users\Norbert\Documents\My Digital Editions
2015-02-26 08:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-02-25 21:20 - 2010-05-28 08:39 - 00000000 ____D () C:\Users\Norbert\Desktop\Vermietung
2015-02-25 16:46 - 2010-05-28 08:39 - 00000000 ____D () C:\Users\Norbert\Desktop\Buchhaltung
2015-02-25 12:17 - 2010-05-27 19:39 - 00000000 ____D () C:\Users\Norbert\AppData\Local\Microsoft Help
2015-02-24 21:07 - 2010-05-28 08:47 - 00000000 ____D () C:\Users\Norbert\Documents\Privat
2015-02-24 20:21 - 2010-06-01 10:54 - 00000000 ____D () C:\Users\Norbert\AppData\Local\Google
2015-02-24 17:41 - 2010-08-25 12:27 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-02-24 03:23 - 2010-05-27 18:53 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-22 20:54 - 2013-02-12 21:15 - 00005169 _____ () C:\Users\Norbert\Documents\Fixit50388.reg
2015-02-22 20:04 - 2010-05-27 19:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-20 21:42 - 2014-05-14 15:29 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-02-18 16:48 - 2014-12-02 10:08 - 00000000 ____D () C:\Users\Norbert\Downloads\ihre_telekom_mobilfunk_december_2014 (1)(3)
2015-02-18 14:46 - 2007-04-08 22:20 - 00000000 ____D () C:\Temp
2015-02-15 12:10 - 2012-12-02 14:26 - 00000000 ___DC () C:\Program Files\MyHeritage
2015-02-15 11:56 - 2012-12-02 14:27 - 00000000 ____D () C:\Users\Norbert\Documents\MyHeritage
2015-02-15 11:45 - 2010-05-31 13:59 - 00000000 ____D () C:\Users\Norbert\Documents\Ahnenblatt
2015-02-14 14:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-12 17:13 - 2014-02-03 09:50 - 00710656 ___SH () C:\Users\Norbert\Desktop\Thumbs.db
2015-02-12 08:34 - 2012-12-14 09:33 - 00352736 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 08:32 - 2014-12-10 22:30 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 08:32 - 2014-05-07 12:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 21:05 - 2013-08-03 06:56 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 20:56 - 2010-06-03 12:15 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 15:59 - 2013-02-14 19:03 - 00000000 __SHD () C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2015-02-10 15:59 - 2012-05-13 18:27 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2015-02-10 15:59 - 2011-01-17 16:14 - 00000000 ____D () C:\Users\Norbert\AppData\Local\Downloaded Installations
2015-02-10 15:51 - 2011-01-17 15:35 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-10 14:02 - 2011-01-17 15:36 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\TuneUp Software
2015-02-10 09:45 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-06 13:24 - 2013-10-04 11:47 - 00000000 ___DC () C:\Program Files\K-Lite Codec Pack
2015-02-06 13:24 - 2011-05-11 21:38 - 00000000 ____D () C:\Program Files\YouTube Song Downloader

==================== Files in the root of some directories =======

2014-04-29 16:25 - 2014-09-04 19:22 - 15000576 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2012-02-20 11:46 - 2012-02-20 17:00 - 0007730 _____ () C:\Users\Norbert\AppData\Roaming\.freeciv-client-rc-2.3
2014-03-29 16:21 - 2014-04-02 22:45 - 0009933 _____ () C:\Users\Norbert\AppData\Roaming\.freeciv-client-rc-2.4
2014-01-25 15:20 - 2014-01-25 15:20 - 0012963 _____ () C:\Users\Norbert\AppData\Roaming\Kommagetrennte Werte (Windows).CAL
2015-02-27 19:50 - 2015-02-27 20:26 - 0000115 _____ () C:\Users\Norbert\AppData\Roaming\LogFile.txt
2014-11-01 10:38 - 2014-11-01 10:38 - 0012964 _____ () C:\Users\Norbert\AppData\Roaming\Microsoft Excel 97-2003.CAL
2015-03-06 17:08 - 2015-03-06 21:49 - 14454784 _____ () C:\Users\Norbert\AppData\Roaming\Sandra.mdb
2013-12-20 14:41 - 2014-03-30 17:42 - 0000158 _____ () C:\Users\Norbert\AppData\Roaming\WB.CFG
2011-05-12 08:20 - 2011-05-12 08:20 - 0000000 ____H () C:\Users\Norbert\AppData\Local\BIT74C1.tmp
2011-06-15 09:50 - 2011-06-15 09:50 - 0000000 ____H () C:\Users\Norbert\AppData\Local\BITCA02.tmp
2011-01-06 12:24 - 2014-07-20 16:06 - 0013312 _____ () C:\Users\Norbert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-10 17:45 - 2014-01-10 17:45 - 0000036 _____ () C:\Users\Norbert\AppData\Local\housecall.guid.cache
2011-01-13 15:02 - 2011-01-26 18:47 - 0007607 _____ () C:\Users\Norbert\AppData\Local\resmon.resmoncfg
2011-06-15 09:50 - 2011-06-15 09:50 - 0000000 _____ () C:\Users\Norbert\AppData\Local\{0B661C8B-9FC1-4E66-A045-5155F06F1CD8}
2011-06-14 12:34 - 2011-06-14 12:34 - 0000000 _____ () C:\Users\Norbert\AppData\Local\{5DF91D43-A0A6-4FA5-BC23-7A1C844E9BA5}
2011-05-12 08:20 - 2011-05-12 08:20 - 0000000 _____ () C:\Users\Norbert\AppData\Local\{8B72A529-5C34-402D-995A-49875747BF6F}
2011-03-08 11:11 - 2014-05-01 21:08 - 0003857 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Norbert\AppData\Local\Temp\avgnt.exe
C:\Users\Norbert\AppData\Local\Temp\Quarantine.exe
C:\Users\Norbert\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Norbert\AppData\Local\Temp\ReiSysUpdate.exe
C:\Users\Norbert\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-06 08:53

==================== End Of Log ============================
         

Addition.txt:

Code: Alles auswählenAufklappen

ATTFilter

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 122 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (10/17/2010 03:29:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 145 seconds with 120 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 38%
Total physical RAM: 3000.93 MB
Available physical RAM: 1857.82 MB
Total Pagefile: 6000.14 MB
Available Pagefile: 4396.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:227.28 GB) (Free:96.1 GB) NTFS
Drive h: (HITACHI) (Fixed) (Total:931.28 GB) (Free:360.99 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 391F5D34)
Partition 1: (Not Active) - (Size=1 GB) - (Type=82)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=227.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 31BED6D9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)

==================== End Of Log ============================
         

Ich wäre für Hilfe sehr dankbar
Nofo

Hallo nofo,

mein Name ist Jonas und ich werde dir bei deiner Bereinigung helfen. Diese kann mit viel Arbeit für dich verbunden sein. Bevor wir anfangen können, lies bitte die Bereinigungsregeln und Hinweise:

Regeln zum Ablauf der Bereinigung

• Arbeite die Anleitungen und Schritte sorgfältig und nacheinander ab.
• Wenn du etwas nicht verstehst oder du dir unsicher bist, frage nach und schildere das Problem, so gut es geht. Handle nicht auf eigene Faust.
  • Die Ausführung diverser Bereinigungsprogramme (mit Scripts aus anderen Threads) können dein Betriebssystem zerschießen!
• Die Bereinigung eines Rechners in verschiedenen Foren zur selben Zeit ist verboten (Crossposting).

• Installiere oder deinstalliere keine zusätzlichen Programme, lösche keine Dateien und führe nicht selbstständig Systemupdates durch.

• Die Symptome können verschwunden sein, jedoch bedeutet das Verschwinden von äußeren Merkmalen einer Infektion nicht, dass du wieder clean bist.
  • Ich werde dir ein eindeutiges Clean geben, solange arbeite bitte mit.

Hinweis

• Die von uns benutzten Programme erstellen meist ein Ergebnisprotokoll (Logfile genannt). Bitte füge alle von mir in einem Schritt geforderten Logfiles in einer Antwort/einem Post ein.
  • http://www.trojaner-board.de/137229-...code-tags.html; Falls das Logfile zu groß für einen Post ist, teile es in zwei/mehrere Posts.

Wenn du alles gelesen hast, kann es losgehen. Bitte speichere alle Programme auf dem Desktop und führe sie von dort aus.

Bitte nochmal das Addition.txt Logfile vollständig posten und dein Problem etwas genauer beschreiben .

Hallo Jonas,
danke, dass Du mir helfen willst.
Ich sende noch einmal den additional scan result.
Meine Probleme:
es dauert es sehr lange, bis ich mit dem Internet verbunden werde.
es bleiben geöffnete Fenster eingefroren, egal ob in office, internet oder sonstwo.
der laptop arbeitet langsamer.
http://www.trojaner-board.de/images/...ankeschoen.gif
Danke einstweilen!
Nofo

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-03-2015 01
Ran by Norbert at 2015-03-08 13:01:11
Running from C:\Users\Norbert\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.34 (HKLM\...\{23170F69-40C1-2701-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 (HKLM\...\{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}) (Version: 6.0.759.29410 - ABBYY Software House)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM\...\Adobe Digital Editions 4.0) (Version: 4.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Ahnenblatt 2.74 (HKLM\...\Ahnenblatt_is1) (Version: 2.74.0.1 - Dirk Boettcher)
AllDup 3.4.24 (HKLM\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2214 - AVAST Software)
Avira (HKLM\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.650 - Avira)
Banana Buchhaltung 6.0 (HKLM\...\Banana60_is1) (Version: 6.0.8.0 - Banana.ch SA - Lugano (Switzerland))
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Kurzwahlprogramm (HKLM\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Canon MX450 series Benutzerregistrierung (HKLM\...\Canon MX450 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.00 - Canon Inc.)
Canon MX450 series On-screen Manual (HKLM\...\Canon MX450 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
COMPUTERBILD-Abzockschutz (HKLM\...\{7FFB135C-A940-4F79-BD78-6899477FD91F}) (Version: 1.0.37 - J3S)
D2400 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
D2400_Help (Version: 90.0.235.000 - Hewlett-Packard) Hidden
dj_sf_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
dj_sf_software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
dj_sf_software_req (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-2427394065-3725693352-322908783-1001\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
honestech Audio Recorder 2.0 Deluxe (HKLM\...\{A0BC5BCD-893F-47F4-8903-FDC7CAC2AFB1}) (Version: 2.0 - honestech)
honestech Audio Recorder 2.0 Deluxe (Version: 2.0 - Honest Technology) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 6.0.4 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 6.0.4 - )
LastPass (Nur deinstallieren) (HKLM\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
MEDION GoPal Assistant (HKLM\...\{12C77A13-A31B-4565-8E60-494FD65EBB2F}) (Version: 6.4.17.13525 - MEDION)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_x86 (HKLM\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft)
Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-2427394065-3725693352-322908783-1001\...\MyFreeCodec) (Version:  - )
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia PC-Internetzugang (HKLM\...\Nokia PC Internet Access) (Version: 2.0.1.6 - Nokia)
Nokia PC-Internetzugang (Version: 2.0.1.6 - Nokia) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Personal Ancestral File 5 (HKLM\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rigs of Rods 0.38.67 (HKLM\...\Rigs of Rods 0.38.67) (Version: 0.38.67 - Rigs of Rods Team)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.14.14.201410081526 - Sony Mobile Communications AB)
Sony PC Companion 2.10.236 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.236 - Sony)
Spamihilator 1.6.0 (32-Bit) (HKLM\...\{624CDCC7-9E58-46FE-956B-04A8004A9FCC}) (Version: 1.6.0 - Michel Krämer)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VideoPad Videobearbeitungs-Software (HKLM\...\VideoPad) (Version:  - NCH Software)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows 7-Geschenk-DVD (HKLM\...\{4088F003-0133-4961-A807-B65CF1F5D58D}_is1) (Version:  - Windows 7-Geschenk-DVD)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
YouTube Song Downloader (HKLM\...\{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1) (Version: 10.3 - Abelssoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Norbert\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{0450ACEB-4BB5-4B77-8A0A-42B425344A9F}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\LXConfiguration.dll (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{1224F4E3-EEE0-4110-8FD3-360B05CEC23A}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\LxMasterPlausiProvider.dll (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{1570B1B8-2DBD-11D5-B8C5-0050DA64D04F}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\lxtab10.ocx (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{1570B1B9-2DBD-11D5-B8C5-0050DA64D04F}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\lxtab10.ocx (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{15ED2527-993A-451B-9584-B039E23295BD}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\LxHtmlCtl.ocx (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Norbert\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{2402EA77-1AB6-11D4-B2CC-00105AEFBDC4}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\SelectEdit.dll ()
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{25F3E173-942A-4FF1-BA68-329AAAB62319}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\LxMasterPlausiProvider.dll (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Norbert\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{32FA2293-EA2A-4C2E-AD4A-3832090B49F8}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\LxMasterPlausiProvider.dll (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{3B787333-771D-48D7-8198-21EA0A40C263}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\LxHtmlCtl.ocx (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{43E632C6-EB4B-11D2-AEC1-923184CE550D}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\BitButton.ocx ()
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{4C785741-7F95-4309-B372-41BF7CD4804C}\localserver32 -> C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe (Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Norbert\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{5480521C-4EEB-11D3-B28C-00A024A8131E}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\lxbalz50.ocx (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{5480521D-4EEB-11D3-B28C-00A024A8131E}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\lxbalz50.ocx (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{55261742-7EA7-48BE-89A6-93C88CE653E6}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\PLZ.ocx (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{62F95A22-765F-11D3-B2A4-00105AEFBDC4}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\SelectEdit.dll ()
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{65F3623F-180D-440B-B466-D58AC49B1B8C}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\lxhhlp10.dll (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{676D68E6-C435-11D2-AEC1-E6BCC959B40A}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\BitButton.ocx ()
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{81C0C72B-C8BB-11D2-AEC1-A01E1399A50A}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\BitButton.ocx ()
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\Windows\Downloaded Program Files\dwusplay.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\localserver32 -> C:\Windows\Downloaded Program Files\dwusplay.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{8FF91931-20C6-11D4-9D7D-00500440ECE2}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\SelectBtn.ocx (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{8FF91932-20C6-11D4-9D7D-00500440ECE2}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\SelectBtn.ocx (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{98E84D43-23CF-4A64-A759-140A21F6AE38}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\LxHtmlCtl.ocx (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{AC514BC8-6BAF-4477-BE42-941B512DA9C0}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\PLZ.ocx (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{BE4C1154-B0C9-11D4-B311-00105AEFBDC4}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\LxMaskedEdit.dll (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{C092C0A0-18F9-11D4-AA9F-204C4F4F5020}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\ControlBar.ocx (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{C092C0D0-18F9-11D4-AA9F-204C4F4F5020}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\ControlBar.ocx (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{C092C0E0-18F9-11D4-AA9F-204C4F4F5020}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\ControlBar.ocx (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Norbert\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Norbert\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Norbert\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Norbert\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Norbert\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{F219C6CC-2A9C-4D4C-9F87-8241CAF3283C}\InprocServer32 -> C:\Program Files\Common Files\Lexware\Dll\LxDtv80.dll (Haufe-Lexware GmbH & Co. KG)
CustomCLSID: HKU\S-1-5-21-2427394065-3725693352-322908783-1001_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (InstallShield Software Corporation)

==================== Restore Points  =========================

06-03-2015 09:50:40 Windows-Sicherung
06-03-2015 10:00:36 Windows Update
06-03-2015 10:23:28 Revo Uninstaller's restore point - Avast Internet Security
06-03-2015 10:24:31 avast! antivirus system restore point
06-03-2015 10:29:40 Revo Uninstaller's restore point - Spybot - Search & Destroy
06-03-2015 10:33:25 Revo Uninstaller's restore point - TreeSize Free V3.3
06-03-2015 10:35:37 Revo Uninstaller's restore point - Total Commander 64-bit (Remove or Repair)
06-03-2015 10:38:18 Revo Uninstaller's restore point - Rainmeter
06-03-2015 10:43:27 Revo Uninstaller's restore point - Sony Mobile Update Engine
06-03-2015 10:45:32 Revo Uninstaller's restore point - Sony PC Companion 2.10.236
06-03-2015 12:45:23 Revo Uninstaller's restore point - Opera Stable 27.0.1689.76
06-03-2015 13:09:11 Wiederherstellungsvorgang
06-03-2015 13:30:11 avast! antivirus system restore point
06-03-2015 13:39:48 Windows Update
06-03-2015 13:40:54 Windows-Sicherung
06-03-2015 13:45:12 Gerätetreiber-Paketinstallation: Avast Netzwerkdienst
06-03-2015 17:05:45 SiSoftware Sandra Lite
06-03-2015 17:07:12 SiSoftware Sandra Lite
06-03-2015 21:39:18 Windows Modules Installer
06-03-2015 22:34:03 Revo Uninstaller's restore point - Avast Internet Security
06-03-2015 22:35:47 avast! antivirus system restore point
07-03-2015 10:31:01 TuneUp Utilities 2014 wird installiert
07-03-2015 10:35:39 TuneUp Utilities 2014 (de-DE) wird entfernt
07-03-2015 10:43:03 Installed SLOW-PCfighter.
07-03-2015 10:48:51 Fighters Backup
07-03-2015 17:24:59 avast! antivirus system restore point
07-03-2015 18:21:06 avast! antivirus system restore point
07-03-2015 21:01:11 Autostart-Manager wird entfernt
07-03-2015 22:06:07 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0224EFBB-1BE3-443A-928F-F4D887C1692A} - System32\Tasks\{15925105-2E51-480C-8AD1-4DB5DA85D21D} => pcalua.exe -a D:\demo\Haus32\disk1\setup.exe -d D:\
Task: {03AEA4D5-8D7E-4844-8E2A-1CC3FB34E53C} - System32\Tasks\{9FD6C984-830D-4AE7-85CD-C79AA7DE76EA} => C:\Users\Norbert\Desktop\sca90093wxpw7.exe
Task: {072F7E87-1081-41BD-BC61-80B2CC34A71D} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files\CHIP Updater\CHIPUpdater.exe
Task: {084791B4-AEFF-48DB-8B77-5FA7DFF52793} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {090623C4-0089-4E38-A3A6-9DEB57EDC1E8} - System32\Tasks\{68C11C40-023A-483F-BC52-4FEED93EC7A2} => C:\Users\Norbert\Downloads\vewo\VEWO_FREEWARE\SETUP.EXE
Task: {0987644A-DD0F-4B62-8D37-2B89D2F4AE7A} - System32\Tasks\{176B0549-ADA6-4D59-B8FA-DB015A899914} => pcalua.exe -a "C:\Users\Norbert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VZO300DD\stanfield-netzwerk-wh10.EXE" -d C:\Users\Norbert\Desktop
Task: {0A4B2401-3044-4522-BE16-D9298C5DBE61} - System32\Tasks\{253B975B-D1D2-49C6-8EBE-1D03A375B431} => pcalua.exe -a "C:\Users\Norbert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\868DGOSR\VAVakusSetup_10.0.0.0_Extern[1].exe" -d C:\Users\Norbert\Desktop
Task: {18FD6166-E2D4-4A32-B24D-55D0BD305293} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {1B57F139-1972-4F21-934C-636642C4A72F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {1D6F63C5-9543-48C5-A054-3AAF8981DB2F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2179D3FE-14D0-4622-8F1F-1436BE528A88} - System32\Tasks\{4C6171D4-9E28-4C4A-944C-759C65E1BF31} => pcalua.exe -a D:\VIPSETUP\SETUP.EXE
Task: {280C7F67-DE39-4AFD-B531-F72657F90C52} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {2E3F34D0-8028-40F6-9E6F-31D15D8BB34A} - System32\Tasks\{E6B125EA-3113-4625-AA9C-5D0AB403B0FB} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{80F24F31-F641-4349-83F3-59E335976D16}\setup.exe" -c -runfromtemp -l0x0007 -removeonly
Task: {2E63FBFD-180C-4863-AE34-59B2C70AB64A} - System32\Tasks\{12CCC1A2-7038-48E7-A362-66C95C44E754} => C:\Program Files\simfy\simfy.exe
Task: {30DEA97B-1605-4666-8776-E742A5B4EC90} - System32\Tasks\{5C6A874C-2DD1-4F6E-9BEA-C4FB0EAEFE9C} => C:\WINVIP\VIPSYS\VIPMENUE.EXE
Task: {32151FFB-2A43-41B5-ABFB-812661F406C2} - System32\Tasks\{1C581586-49D4-44FA-BAA2-42C8DFF09D7D} => pcalua.exe -a "C:\Users\Norbert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A75RKAK0\avira_free_antivirus_de1200861.exe" -d C:\Users\Norbert\Desktop
Task: {33B80B9E-D8F8-4CC2-AB88-341D3079C278} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-06] (Avast Software s.r.o.)
Task: {36F9DAFE-E20E-449B-83A1-346A03618592} - System32\Tasks\{5F416640-3127-4BF7-851D-AB7546D277EF} => pcalua.exe -a "C:\Users\Norbert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9Q8PQPX\dotnetfx30SP1setup.exe" -d C:\Users\Norbert\Desktop
Task: {3F0763B7-62A5-41C7-916C-BC1E3D0AF3C2} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {4011767E-3BCE-430E-8F94-F60FF6743FC0} - System32\Tasks\{E6C81904-7DD5-43C5-B647-2854D53BCF9C} => pcalua.exe -a "C:\Program Files\Uniblue\RegistryBooster\Launcher.exe" -d C:\Users\Norbert\Desktop
Task: {40D351CA-6BBE-48E9-A2BA-3CEB8B772630} - System32\Tasks\{2206B1C1-28BF-413C-BFC7-6E10D3750B00} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {412C2D73-963A-4095-84C8-AADD03CD467D} - System32\Tasks\Start Registry Reviver => C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe
Task: {417C6594-306A-4C98-BDB4-D2C1C2906A55} - System32\Tasks\{4F5CFF9E-3FE2-4ED7-9D24-B74B99C490C6} => C:\Users\Norbert\Desktop\Nicht verwendete Desktopverknüpfungen\WINVIP\VIPSYS\VIPCHECK.EXE
Task: {42153A3C-62E9-436F-9C0F-4EAF42167B13} - System32\Tasks\{6EF803C8-BAFB-486C-BE49-0D7E1901F40B} => C:\Program Files\Avira\AntiVir Desktop\avcenter.exe [2014-12-04] (Avira Operations GmbH & Co. KG)
Task: {433A1379-D271-4A9F-B0D5-4F856F13654A} - System32\Tasks\{16CF8910-8832-4065-B6B2-3142AB27E324} => C:\Program Files\simfy\simfy.exe
Task: {49A9F5C2-3D93-46CE-A892-E512C12A9AC7} - System32\Tasks\{473EB14F-DF98-42AD-AAA2-7745244EA6DC} => C:\Program Files\Opera\launcher.exe
Task: {4B649214-B7A9-4977-A19E-95B0672965D0} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()
Task: {4F2061F6-EA28-41B8-8AB1-738A2578A2B7} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {632DAA04-8A97-4C86-8868-68F0831DCF41} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®) <==== ATTENTION
Task: {66B007E4-1231-4E50-AB23-4DA077F5A053} - System32\Tasks\{B811E291-763D-4D3D-B9D0-F36DB26DA7DD} => C:\Program Files\Opera\launcher.exe
Task: {677D63F6-2ADF-4C6F-B8B6-46B2CCF64E5F} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {69430D3F-86AD-4369-A8A8-ABAAE1D41188} - System32\Tasks\{A8C71C06-CEE3-470A-844F-2DC01FBF2EEF} => C:\Program Files\Avery Dennison\DesignPro Business Cards SE\labeler.exe
Task: {6A03FF8E-CB5C-4908-BFA3-01EB41AE0BA9} - System32\Tasks\{514064DF-D378-4556-9C7B-BED50FB39AE7} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {6B1D7376-7618-4F08-A0F8-F15A0FFDA50F} - \Registry Reviver-Norbert-Startup No Task File <==== ATTENTION
Task: {6B421457-D526-4374-94D9-ABC3D2903E4D} - System32\Tasks\{7C7AC558-C0A2-46F9-8BA8-2B15DC764E8A} => pcalua.exe -a "C:\Users\Norbert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\868DGOSR\visitenkarten[1].exe" -d C:\Users\Norbert\Desktop
Task: {6F7A0788-1364-4008-B0E3-BDE071CA2171} - System32\Tasks\{7FFC8355-C6FC-4056-91F8-741585C8D5F1} => C:\Program Files\Uniblue\RegistryBooster\Launcher.exe
Task: {7043E22E-53E6-4DB5-96D5-F85766BCF30F} - System32\Tasks\{C62DA294-A918-4061-835A-7FAAD7D96B4F} => C:\Program Files\Opera\launcher.exe
Task: {70F3E617-CE98-459F-8F77-890C1B554497} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {81D4162D-9EDE-4BEC-98DB-E060C0284CA4} - System32\Tasks\{D89052A4-B237-44D5-92BA-C75C0DFA91AC} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {83980FBD-FF7B-4677-95CC-04C41C87EB30} - System32\Tasks\{F28D758B-44B0-4136-A26F-22DEEEB8DAEB} => C:\Program Files\Avira\AntiVir Desktop\avcenter.exe [2014-12-04] (Avira Operations GmbH & Co. KG)
Task: {843C62CB-BF1A-4B66-9890-F11A537406EB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2427394065-3725693352-322908783-1001UA => C:\Users\Norbert\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-06] (Google Inc.)
Task: {87DB79FA-5A36-4C21-B06B-BC114BA54C12} - System32\Tasks\{65BBCBE8-DAE6-4FE2-8DD1-E356789B0D8D} => C:\WINVIP\VIPSYS\VIPMENUE.EXE
Task: {8A62BF5E-AF29-4555-B349-EE92C155F157} - System32\Tasks\{2B2E8366-4C23-4347-B754-A6BF3DF6AC3F} => C:\Users\Norbert\Desktop\Nicht verwendete Desktopverknüpfungen\WINVIP\VIPSYS\VIPMENUE.EXE
Task: {8BDD9E21-8886-4E0B-BBFE-DD275470183F} - System32\Tasks\{A4F3EAF7-BC89-46FD-ACA1-2314BC998B6B} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {8CE53F95-50DA-47F4-A73A-8C5DAF9C3076} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {8DDFFE20-1CE7-45DD-9D72-D4F30B7B66BF} - System32\Tasks\{A9AD8B52-B1B4-46D7-B8B7-8767AEF2C45B} => C:\Program Files\BearShare Applications\BearShare\BearShare.exe
Task: {8F13CC87-6790-432D-B5C6-4BE28A0A787D} - System32\Tasks\{0555B30E-8EFB-4FE7-BA1D-1D653163FCA7} => pcalua.exe -a "C:\Program Files\LucasFan Games\MMD\Uninstal.exe" -d "C:\Program Files\LucasFan Games\MMD"
Task: {90955C3F-2955-46BA-B5FD-48A1D636DBF2} - System32\Tasks\{F658BFCC-8B0C-45CF-9C4F-C661A65B8E5C} => C:\Banana\Banana60\Banana60.exe [2011-06-14] (Banana.ch SA - Lugano (Switzerland))
Task: {9370E666-AD6A-40FF-A893-A8037361AF7F} - System32\Tasks\{05D80299-92DF-4462-8309-EFBAC9F65173} => C:\Users\Norbert\Desktop\Nicht verwendete Desktopverknüpfungen\WINVIP\VIPSYS\VIPMENUE.EXE
Task: {938127CD-C69B-430E-B10B-ED1DD4DB966E} - System32\Tasks\{B20456B5-ED9C-48D5-B4AC-99D8B13E8569} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {938F63DD-30B6-4B9F-8AB7-24C441C39199} - System32\Tasks\{EEF15B95-7EC1-4E15-BE6A-718436A7DAE6} => pcalua.exe -a C:\Users\Norbert\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs2 <==== ATTENTION
Task: {93AEAB62-7DF7-4671-9F27-844EAA0E25A6} - System32\Tasks\{82BE0577-8A0C-477D-80B7-609DBC6DCEAB} => C:\WINVIP\VIPSYS\VIPMENUE.EXE
Task: {9759C23E-9041-4989-B01F-89A2B8564E46} - System32\Tasks\{FDBACD20-C867-4470-B1A7-8354A42A9A99} => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [2015-02-12] (Avira Operations GmbH & Co. KG)
Task: {97699AA5-3026-4679-93C4-E9AA4CBF6E19} - System32\Tasks\{548EB896-E930-4486-ADF8-C42B1FB99E03} => pcalua.exe -a C:\Users\Norbert\Downloads\avira_antivir_personal_de.exe -d C:\Users\Norbert\Desktop
Task: {9AC3FB81-EDED-40E5-A30E-57ADB159F5F1} - System32\Tasks\{00813430-CA52-4311-8B90-3176DD97207B} => C:\Users\Norbert\Downloads\vewo\VEWO_FREEWARE\SETUP.EXE
Task: {9C14F4B3-94B6-4E73-A266-EAA0CF6771A1} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {9F45BEE5-7949-4842-9036-69D2BBE39889} - System32\Tasks\{202F20D1-91B3-4B94-9761-907759F31F7D} => C:\Users\Norbert\Desktop\PasswordGenerator_2 (1).exe
Task: {A24BDC3A-8DE6-4011-B012-FF9609F896B5} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()
Task: {A4875CCE-F298-494E-B352-0F489F3FD5A8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2427394065-3725693352-322908783-1001Core => C:\Users\Norbert\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-06] (Google Inc.)
Task: {A58AD2EE-2FA8-4DCD-9672-8733104A4CB5} - System32\Tasks\{8FF18639-D614-42DE-8920-0A808123E2FE} => C:\Users\Norbert\Downloads\vewo\VEWO_FREEWARE\SETUP.EXE
Task: {A76DF3E5-5B59-4759-A4D9-0AC747031F8E} - System32\Tasks\{83BCF712-88F8-4DB1-B41C-B73FF376FDAD} => C:\Program Files\Avery Dennison\DesignPro Business Cards SE\labeler.exe
Task: {A9ACA26D-D843-4FA7-B792-CE26B5E138A4} - System32\Tasks\{101ADF13-70F7-42D4-94AC-F54A8B80F6B2} => pcalua.exe -a D:\VIPSETUP\SETUP.EXE -d D:\VIPSETUP
Task: {AAF2049E-139D-4CA0-BC63-DB6601BAFDA4} - System32\Tasks\{017053DB-9560-488F-A726-A3476FDD7DAA} => pcalua.exe -a "C:\Users\Norbert\Desktop\Nicht verwendete Desktopverknüpfungen\avira_antivir_personal_de.exe" -d "C:\Users\Norbert\Desktop\Nicht verwendete Desktopverknüpfungen"
Task: {AB496B45-584F-4602-AED8-FA222417D8BF} - System32\Tasks\{A685A02E-87B6-4454-AA1C-C009F56F5686} => pcalua.exe -a "C:\Users\Norbert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CBXFYHI\dotnetfx.exe" -d C:\Users\Norbert\Desktop
Task: {B01141F9-205E-4094-A70F-C8FF9E87A637} - System32\Tasks\{C88A18D1-BF43-48A6-98A3-9795AF2FB679} => C:\Program Files\simfy\simfy.exe
Task: {B2D8FE27-9DAC-42FC-8C03-BB45954DDA57} - System32\Tasks\{4F7BDE4E-2842-4FD2-B381-D4DAC589CCA1} => pcalua.exe -a "C:\Program Files\Uniblue\RegistryBooster\Launcher.exe" -d C:\Users\Norbert\Desktop
Task: {B50F08BF-CCEE-4964-ABEA-E674C7045D66} - System32\Tasks\{70DADB44-057C-44E0-BFD1-5E81B3F0DFEC} => C:\Program Files\MiniTool Partition Wizard Home Edition 5.2\PartitionWizard.exe
Task: {B5A7321B-2D97-4A32-98DB-5D54B85550F9} - System32\Tasks\{350CFD31-86F9-45B7-88B4-5BF88780DDCA} => pcalua.exe -a "C:\Users\Norbert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OLAB268W\DE_de_DP5_DL_20100525.exe" -d C:\Users\Norbert\Desktop
Task: {B92D8207-4FF4-4817-AD15-CEDD28C742DB} - System32\Tasks\{58A35663-56C4-43A9-BCFC-763E9A58C1AA} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {BB2F711D-6483-40E2-AD44-1B1B225E5769} - System32\Tasks\{32616C80-5390-475B-9A53-74E3F3FBAFE3} => C:\Program Files\Uniblue\RegistryBooster\Launcher.exe
Task: {BD1267D7-2BD5-4392-9A08-527029440B8F} - System32\Tasks\{F383150D-377F-42D6-B5F1-6DAD569398E1} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {BEB3C570-76BE-4116-9F11-3079DC61AD11} - System32\Tasks\{98130F49-BDDD-4F37-BD68-179C0FC3A0C4} => C:\WINVIP\VIPSYS\VIPMENUE.EXE
Task: {C06E86CC-82F3-4901-9F9C-2EE1765AFB41} - System32\Tasks\{0C4C22E7-449C-4551-95EC-DBCC2C412CF7} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {C1D910F8-EB7B-41D3-958E-493683150D2D} - System32\Tasks\avastBCLRestartS-1-5-21-2427394065-3725693352-322908783-1001 => Chrome.exe 
Task: {C3A3674F-4D99-4EBD-9597-F17508DD82AE} - System32\Tasks\{EC69203E-0BF6-44DA-A866-F2A64F499D3B} => C:\WINVIP\VIPSYS\VIPMENUE.EXE
Task: {C4014ADA-0380-4DEF-82DC-01537E533BEE} - System32\Tasks\{D14291D9-4358-49D7-8AC8-407AB12575EF} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {C79179BA-9343-43A7-BED9-B4E1B5499977} - System32\Tasks\{ABE8A9D0-D6F2-4D82-901E-B3461D4A3AB6} => C:\Program Files\Uniblue\RegistryBooster\Launcher.exe
Task: {C79C4033-4335-48FA-BB72-E855A1031739} - System32\Tasks\{A43EDD25-F7E1-489C-B1BA-A4D9AE5194AF} => C:\Program Files\simfy\simfy.exe
Task: {CAC20457-45CE-4586-8ACB-D592DEC14E27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {CF1CB963-5396-4FAC-8D20-665038E2A101} - System32\Tasks\{8DD97B6A-24FC-4618-A9D3-821451A6D8D8} => pcalua.exe -a D:\setup.exe -d D:\
Task: {D1AAFE21-D50C-4B8A-99E3-ECC7C9B791B1} - System32\Tasks\{8C4DF6DB-4182-4976-A2A9-8790224FCE4A} => C:\Windows\WindowsMobile\wmdc.exe [2007-05-31] (Microsoft Corporation)
Task: {D398F9DF-0DAA-4FA6-A9E1-120A8B1FE731} - System32\Tasks\{B814169D-1219-41A3-87AD-A7DB05905230} => pcalua.exe -a "C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.4.9\GUninstaller.exe" -c -uprtc -key "BabylonToolbar"
Task: {D400DA60-39DC-4ED0-9C24-64A59E42CF03} - System32\Tasks\SuperEasyDriverUpdaterRunAtStartup => C:\Program Files\SuperEasy Software\Driver Updater\supereasydu.exe
Task: {D4887C35-E262-4716-88F7-B87F3440DDBA} - System32\Tasks\{065CCB58-191F-48D8-A346-721A167903A8} => C:\Users\Norbert\Desktop\Banana50.exe
Task: {DF79483F-C2DA-455C-BF2A-98137A4A392B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2427394065-3725693352-322908783-1001
Task: {E109A05C-B72E-4956-A9FE-4A526FADD266} - \WinMaximizer-Norbert-Startup No Task File <==== ATTENTION
Task: {E647392B-1ED7-4584-9DE2-4FC8DB21DE1A} - System32\Tasks\{70D01075-BDD0-477F-B4AC-DEBF71F94BC5} => C:\Users\Norbert\Desktop\PasswordGenerator_2 (1).exe
Task: {E77CA2E7-4B0A-4809-9845-0B0BF29EFD16} - System32\Tasks\{4DC70161-EAEC-4623-8FDB-D549C6E82015} => pcalua.exe -a "C:\Users\Norbert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IF3YRDI7\VAVakus11.0.exe" -d C:\Users\Norbert\Desktop
Task: {E8861CB8-673E-445E-973F-565165FDC636} - System32\Tasks\{D34389CA-8DB6-42E3-A7F0-EF3A1AFEA2AD} => pcalua.exe -a "C:\Users\Norbert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HFO4X7RQ\maniac_mansion_www_freispiel_de.exe" -d C:\Users\Norbert\Desktop
Task: {EB6B64CE-5EB7-40C8-9B58-7DA770DCF28B} - System32\Tasks\{3D72EBC0-C943-4B22-9DAB-3B46E705B3BC} => pcalua.exe -a "C:\Program Files\Rainmeter\Addons\Rainstaller\Rainstaller.exe" -d C:\Users\Norbert\Downloads\windows_8-toolbox\Omnimo -c C:\Users\Norbert\Downloads\windows_8-toolbox\Omnimo\SETUP (new users).rmskin
Task: {EE1B5A55-4A5E-47FA-BCB6-5082A53C3467} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {F8C963B7-9893-4C36-A3C9-480BCCC391AD} - System32\Tasks\{0F0E3D31-943B-4A8F-8A4D-B1DB2FB0A51C} => C:\Program Files\simfy\simfy.exe
Task: {F8D227EA-D8F4-4F1E-84D2-70830EF88A5D} - System32\Tasks\{7A7F32AE-8747-4371-85F5-A9304EDACE89} => C:\Program Files\Uniblue\RegistryBooster\Launcher.exe
Task: {FC4F9E73-82C4-43D1-84DE-76CE7D825C9D} - System32\Tasks\Opera scheduled Autoupdate 1413889501 => C:\Program Files\Opera\launcher.exe
Task: {FDB3045B-2381-4CC0-AFF7-38911F7B4109} - System32\Tasks\{DA1F53DA-373D-4CC5-B7DE-F7048FDA1328} => pcalua.exe -a C:\Users\Norbert\AppData\Local\Temp\Temp1_NOVALIS-HVW-2003-Free-setup.zip\NOVALIS-HVW-2003-Free-setup.exe
Task: {FDBD47CA-3689-4600-B0A7-437BF55927EC} - System32\Tasks\{FDCF1C82-7BEA-459E-9A18-1DF818EBC52C} => pcalua.exe -a C:\Users\Norbert\Downloads\VAVakus11.0.exe -d C:\Users\Norbert\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2427394065-3725693352-322908783-1001Core.job => C:\Users\Norbert\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2427394065-3725693352-322908783-1001UA.job => C:\Users\Norbert\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Windows\system32\rundll32.exeAC:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-06 22:37 - 2015-03-06 22:37 - 00104400 ____C () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-06 22:37 - 2015-03-06 22:37 - 00081728 ____C () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-03-07 21:00 - 2015-03-07 21:00 - 02919424 ____C () C:\Program Files\AVAST Software\Avast\defs\15030701\algo.dll
2015-03-08 12:37 - 2015-03-08 12:37 - 02919424 ____C () C:\Program Files\AVAST Software\Avast\defs\15030800\algo.dll
2015-03-06 22:37 - 2015-03-06 22:37 - 40540672 ____C () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-06 22:37 - 2015-03-06 22:37 - 01359872 ____C () C:\Program Files\AVAST Software\Avast\libglesv2.dll
2015-03-06 22:37 - 2015-03-06 22:37 - 00212992 ____C () C:\Program Files\AVAST Software\Avast\libegl.dll
2014-09-04 19:22 - 2014-09-04 19:22 - 01020928 _____ () C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\p41lyn23.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Norbert Fohr:zylomtest
AlternateDataStreams: C:\Users\Norbert Fohr:zylomtr{000HQ7FF-AD7A-3FG3-8AT4-258NF6K78VVT}
AlternateDataStreams: C:\Users\Norbert Fohr:zylomtr{000HQ7FF-AD7A-3FG3-L1G2-28QRSPMS6VVH}
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\ProgramData\TEMP:C3AE45C9
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2427394065-3725693352-322908783-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 195.34.133.21 - 212.186.211.21

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass FF RunOnce.lnk => C:\Windows\pss\Install LastPass FF RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk => C:\Windows\pss\Install LastPass IE RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0.lnk => C:\Windows\pss\PHOTOfunSTUDIO 5.0.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk => C:\Windows\pss\Scanner Finder.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AutoEJCD_0ACE20FF => C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE /VID=0ACE /PID=20FF
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: Elite Unzip AppIntegrator 32-bit => C:\PROGRA~1\EliteUnzip_aa\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: Elite Unzip EPM Support => "C:\PROGRA~1\EliteUnzip_aa\bar\1.bin\aamedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: Google Update => "C:\Users\Norbert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Norbert\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: KiesPDLR.exe => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MyTransitGuide AppIntegrator 32-bit => C:\PROGRA~1\MyTransitGuide_b7\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: NokiaPCInternetAccess => "C:\Program Files\Nokia\PC Internet Access\NPCIA.exe" /b
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: PDFPrint => C:\Program Files\pdf24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RegistryBooster => "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Accounts: =============================

Administrator (S-1-5-21-2427394065-3725693352-322908783-500 - Administrator - Disabled)
Gast (S-1-5-21-2427394065-3725693352-322908783-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2427394065-3725693352-322908783-1002 - Limited - Enabled)
Norbert (S-1-5-21-2427394065-3725693352-322908783-1001 - Administrator - Enabled) => C:\Users\Norbert

==================== Faulty Device Manager Devices =============

Name: Scanner 4800dpi
Description: Scanner 4800dpi
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microtek Driver Team
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2015 09:04:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 40.0.2214.115, Zeitstempel: 0x54e3aecf
Name des fehlerhaften Moduls: chrome.dll, Version: 40.0.2214.115, Zeitstempel: 0x54e3aaab
Ausnahmecode: 0x80000003
Fehleroffset: 0x00539aca
ID des fehlerhaften Prozesses: 0x15cc
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3

Error: (03/07/2015 07:21:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.9600.17631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1180

Startzeit: 01d05901aae1241f

Endzeit: 12

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (03/07/2015 06:55:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.9600.17631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1460

Startzeit: 01d058fec5fe1a1d

Endzeit: 8

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (03/07/2015 06:52:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 40.0.2214.115, Zeitstempel: 0x54e3aecf
Name des fehlerhaften Moduls: chrome.dll, Version: 40.0.2214.115, Zeitstempel: 0x54e3aaab
Ausnahmecode: 0x80000003
Fehleroffset: 0x00539aca
ID des fehlerhaften Prozesses: 0x14e4
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3

Error: (03/07/2015 06:22:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: opera.exe, Version: 27.0.1689.76, Zeitstempel: 0x54e7ed06
Name des fehlerhaften Moduls: opera.exe, Version: 27.0.1689.76, Zeitstempel: 0x54e7ed06
Ausnahmecode: 0x80000003
Fehleroffset: 0x000873e0
ID des fehlerhaften Prozesses: 0x45c
Startzeit der fehlerhaften Anwendung: 0xopera.exe0
Pfad der fehlerhaften Anwendung: opera.exe1
Pfad des fehlerhaften Moduls: opera.exe2
Berichtskennung: opera.exe3

Error: (03/07/2015 06:21:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: opera.exe, Version: 27.0.1689.76, Zeitstempel: 0x54e7ed06
Name des fehlerhaften Moduls: opera.exe, Version: 27.0.1689.76, Zeitstempel: 0x54e7ed06
Ausnahmecode: 0x80000003
Fehleroffset: 0x000873e0
ID des fehlerhaften Prozesses: 0x1d4
Startzeit der fehlerhaften Anwendung: 0xopera.exe0
Pfad der fehlerhaften Anwendung: opera.exe1
Pfad des fehlerhaften Moduls: opera.exe2
Berichtskennung: opera.exe3

Error: (03/07/2015 06:21:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {c07561cc-547f-4a51-a71c-ca612f8f5938}

Error: (03/07/2015 05:29:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: opera.exe, Version: 27.0.1689.76, Zeitstempel: 0x54e7ed06
Name des fehlerhaften Moduls: opera.exe, Version: 27.0.1689.76, Zeitstempel: 0x54e7ed06
Ausnahmecode: 0x80000003
Fehleroffset: 0x000873e0
ID des fehlerhaften Prozesses: 0x17c0
Startzeit der fehlerhaften Anwendung: 0xopera.exe0
Pfad der fehlerhaften Anwendung: opera.exe1
Pfad des fehlerhaften Moduls: opera.exe2
Berichtskennung: opera.exe3

Error: (03/07/2015 05:24:58 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {d856217c-5f73-43f7-aa4b-7cb0680e5fa5}

Error: (03/07/2015 00:31:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: opera.exe, Version: 27.0.1689.76, Zeitstempel: 0x54e7ed06
Name des fehlerhaften Moduls: opera.exe, Version: 27.0.1689.76, Zeitstempel: 0x54e7ed06
Ausnahmecode: 0x80000003
Fehleroffset: 0x000873e0
ID des fehlerhaften Prozesses: 0x1270
Startzeit der fehlerhaften Anwendung: 0xopera.exe0
Pfad der fehlerhaften Anwendung: opera.exe1
Pfad des fehlerhaften Moduls: opera.exe2
Berichtskennung: opera.exe3


System errors:
=============
Error: (03/08/2015 00:38:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (03/08/2015 00:31:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/08/2015 00:31:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TuneUp Utilities Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/08/2015 00:31:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst TuneUp Utilities Service erreicht.

Error: (03/08/2015 00:31:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/08/2015 00:31:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/07/2015 09:08:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/07/2015 09:08:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TuneUp Utilities Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/07/2015 09:08:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst TuneUp Utilities Service erreicht.

Error: (03/07/2015 09:08:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (12/02/2014 00:27:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/20/2014 04:06:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1721 seconds with 540 seconds of active time.  This session ended with a crash.

Error: (11/10/2012 07:01:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 288 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (08/26/2012 04:21:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9146 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (05/01/2012 00:14:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1621 seconds with 1560 seconds of active time.  This session ended with a crash.

Error: (10/12/2011 00:14:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 188 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (09/27/2011 09:40:38 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 362 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (06/26/2011 07:06:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 783 seconds with 600 seconds of active time.  This session ended with a crash.

Error: (02/19/2011 10:48:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 122 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (10/17/2010 03:29:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 145 seconds with 120 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 38%
Total physical RAM: 3000.93 MB
Available physical RAM: 1857.82 MB
Total Pagefile: 6000.14 MB
Available Pagefile: 4396.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:227.28 GB) (Free:96.1 GB) NTFS
Drive h: (HITACHI) (Fixed) (Total:931.28 GB) (Free:360.99 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 391F5D34)
Partition 1: (Not Active) - (Size=1 GB) - (Type=82)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=227.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 31BED6D9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)
         

Hi,

dann wollen wir mal .


Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6079848 2015-01-14] (Reimage®)
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1418551854&from=cvs2&uid=HitachiXHTS545025B9A300_090808PB4206QSJA1XWAX
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^man000^YYA^&ptb=AD00C554-0FFF-46C3-9918-7F98868B9CF5&ind=2014103117&n=780cc64d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_frmr_14_20_ie&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtB0A0EtD0F0BtBtB0CzytN0D0Tzu0SzzyCzztN1L2XzutBtFtBtDtFtCtAtFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0Bzy0E0ByEtCyBtGyByByCtBtGtD0B0DzytG0DyEzy0AtGyDyD0C0EyBtC0A0CtAtBtBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EyCtA0FyB0FyEtG0A0E0EtAtG0E0F0FyBtG0CyEyD0BtGtA0EyCzy0BtDtA0AtCzyzzyD2Q&cr=2002027499&ir=
SearchScopes: HKLM -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm065^YYA^at&si=flvrunner&ptb=5D93837E-53C2-4E70-BB82-266EE7848008&ind=2013073106&n=77fd0ed2&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^man000^YYA^&ptb=AD00C554-0FFF-46C3-9918-7F98868B9CF5&ind=2014103117&n=780cc64d&psa=&st=sb&searchfor={searchTerms}
Toolbar: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> No Name - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} -  No File
Toolbar: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} -  No File
cmd: netsh winsock reset
2015-02-10 14:03 - 2015-02-26 21:28 - 00000000 ____D () C:\ProgramData\16a379cb768f4632acbd7bc4c211ef27
2015-02-10 14:03 - 2015-02-10 14:03 - 00000000 ____D () C:\ProgramData\ca7f1237741e43bb9b5f364c67c93027
2015-02-10 14:03 - 2015-02-07 21:45 - 00318616 _____ (Over the Rainbow Tech) C:\Windows\system32\ColorMedia.dll
2015-03-07 12:10 - 2015-03-07 12:11 - 00000000 ____D () C:\ProgramData\Reimage Protector
2015-03-07 12:09 - 2015-03-07 12:32 - 00000000 ___DC () C:\Program Files\Reimage
2015-03-07 12:09 - 2015-03-07 12:12 - 00000000 ____D () C:\rei
2015-02-27 19:46 - 2015-02-27 19:48 - 06340808 _____ (SpeedMaxPc) C:\Users\Norbert\Downloads\SpeedMaxpc_installer_de.exe
2015-02-27 20:26 - 2015-01-13 15:42 - 00000000 ____D () C:\ProgramData\SpeedMaxPc
Task: {632DAA04-8A97-4C86-8868-68F0831DCF41} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®) <==== ATTENTION
Task: {938F63DD-30B6-4B9F-8AB7-24C441C39199} - System32\Tasks\{EEF15B95-7EC1-4E15-BE6A-718436A7DAE6} => pcalua.exe -a C:\Users\Norbert\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs2 <==== ATTENTION
C:\Users\Norbert\AppData\Roaming\webssearches
AlternateDataStreams: C:\Users\Norbert Fohr:zylomtest
AlternateDataStreams: C:\Users\Norbert Fohr:zylomtr{000HQ7FF-AD7A-3FG3-8AT4-258NF6K78VVT}
AlternateDataStreams: C:\Users\Norbert Fohr:zylomtr{000HQ7FF-AD7A-3FG3-L1G2-28QRSPMS6VVH}
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\ProgramData\TEMP:C3AE45C9
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
EmptyTemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

• Starte nun FRST erneut und klicke den Entfernen Button.
• Das Tool erstellt eine Fixlog.txt.
• Poste mir deren Inhalt.

Schritt 2
Bitte scanne dein System mit Malwarebytes Anti-Malware, wenn dein letzer Scan älter als zwei Tage ist und poste das Logfile hier. Falls der letzte Scan von gestern oder vorgestern ist, poste das Logfile von diesem Scan bitte hier.

Schritt 3

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Starte noch einmal FRST.

• Ändere keine der Voreinstellungen und drücke auf Scan.
• Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
• Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Wie siehts mit deinen Problemen aus, sind diese immer noch vorhanden?


Poste folgende Logfiles in deiner nächsten Antwort:

• Fixlog.txt
• mbam.txt
• log.txt
• FRST.txt

Hallo Jonas,
zuerst einmal den Fixlog.txt.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-03-2015 01
Ran by Norbert at 2015-03-09 22:45:57 Run:1
Running from C:\Users\Norbert\Downloads
Loaded Profiles: Norbert (Available profiles: Norbert)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6079848 2015-01-14] (Reimage®)
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1418551854&from=cvs2&uid=HitachiXHTS545025B9A300_090808PB4206QSJA1XWAX
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^man000^YYA^&ptb=AD00C554-0FFF-46C3-9918-7F98868B9CF5&ind=2014103117&n=780cc64d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_frmr_14_20_ie&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtB0A0EtD0F0BtBtB0CzytN0D0Tzu0SzzyCzztN1L2XzutBtFtBtDtFtCtAtFtCtN1L1 CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0Bzy0E0ByEtCyBtGyByByCtBtGtD0B0DzytG0DyEzy0AtGyDyD0C0EyBtC0A0CtAtBtBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EyCtA0Fy B0FyEtG0A0E0EtAtG0E0F0FyBtG0CyEyD0BtGtA0EyCzy0BtDtA0AtCzyzzyD2Q&cr=2002027499&ir=
SearchScopes: HKLM -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm065^YYA^at&si=flvrunner&ptb=5D93837E-53C2-4E70-BB82-266EE7848008&ind=2013073106&n=77fd0ed2&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^man000^YYA^&ptb=AD00C554-0FFF-46C3-9918-7F98868B9CF5&ind=2014103117&n=780cc64d&psa=&st=sb&searchfor={searchTerms}
Toolbar: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> No Name - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} - No File
Toolbar: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File
cmd: netsh winsock reset
2015-02-10 14:03 - 2015-02-26 21:28 - 00000000 ____D () C:\ProgramData\16a379cb768f4632acbd7bc4c211ef27
2015-02-10 14:03 - 2015-02-10 14:03 - 00000000 ____D () C:\ProgramData\ca7f1237741e43bb9b5f364c67c93027
2015-02-10 14:03 - 2015-02-07 21:45 - 00318616 _____ (Over the Rainbow Tech) C:\Windows\system32\ColorMedia.dll
2015-03-07 12:10 - 2015-03-07 12:11 - 00000000 ____D () C:\ProgramData\Reimage Protector
2015-03-07 12:09 - 2015-03-07 12:32 - 00000000 ___DC () C:\Program Files\Reimage
2015-03-07 12:09 - 2015-03-07 12:12 - 00000000 ____D () C:\rei
2015-02-27 19:46 - 2015-02-27 19:48 - 06340808 _____ (SpeedMaxPc) C:\Users\Norbert\Downloads\SpeedMaxpc_installer_de.exe
2015-02-27 20:26 - 2015-01-13 15:42 - 00000000 ____D () C:\ProgramData\SpeedMaxPc
Task: {632DAA04-8A97-4C86-8868-68F0831DCF41} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®) <==== ATTENTION
Task: {938F63DD-30B6-4B9F-8AB7-24C441C39199} - System32\Tasks\{EEF15B95-7EC1-4E15-BE6A-718436A7DAE6} => pcalua.exe -a C:\Users\Norbert\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs2 <==== ATTENTION
C:\Users\Norbert\AppData\Roaming\webssearches
AlternateDataStreams: C:\Users\Norbert Fohr:zylomtest
AlternateDataStreams: C:\Users\Norbert Fohr:zylomtr{000HQ7FF-AD7A-3FG3-8AT4-258NF6K78VVT}
AlternateDataStreams: C:\Users\Norbert Fohr:zylomtr{000HQ7FF-AD7A-3FG3-L1G2-28QRSPMS6VVH}
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\ProgramData\TEMP:C3AE45C9
AlternateDataStreams: C:\ProgramData\TEMP1B5B4F1
EmptyTemp:
*****************

ReimageRealTimeProtector => Service stopped successfully.
ReimageRealTimeProtector => Service deleted successfully.
C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe => No running process found
C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe => No running process found
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2427394065-3725693352-322908783-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{63894242-d1a7-4235-a425-c124cb8f4633}" => Key deleted successfully.
HKCR\CLSID\{63894242-d1a7-4235-a425-c124cb8f4633} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03}" => Key deleted successfully.
HKCR\CLSID\{75b4241f-171e-44a3-bf44-23613b6e3e03} => Key not found.
"HKU\S-1-5-21-2427394065-3725693352-322908783-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{63894242-d1a7-4235-a425-c124cb8f4633}" => Key deleted successfully.
HKCR\CLSID\{63894242-d1a7-4235-a425-c124cb8f4633} => Key not found.
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} => value deleted successfully.
HKCR\CLSID\{1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} => Key not found.
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7E111A5C-3D11-4F56-9463-5310C3C69025} => value deleted successfully.
HKCR\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025} => Key not found.

========= netsh winsock reset =========


Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en.


========= End of CMD: =========

C:\ProgramData\16a379cb768f4632acbd7bc4c211ef27 => Moved successfully.
C:\ProgramData\ca7f1237741e43bb9b5f364c67c93027 => Moved successfully.
C:\Windows\system32\ColorMedia.dll => Moved successfully.
C:\ProgramData\Reimage Protector => Moved successfully.
C:\Program Files\Reimage => Moved successfully.
C:\rei => Moved successfully.
C:\Users\Norbert\Downloads\SpeedMaxpc_installer_de.exe => Moved successfully.
C:\ProgramData\SpeedMaxPc => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{632DAA04-8A97-4C86-8868-68F0831DCF41}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{632DAA04-8A97-4C86-8868-68F0831DCF41}" => Key deleted successfully.
C:\Windows\System32\Tasks\ReimageUpdater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{938F63DD-30B6-4B9F-8AB7-24C441C39199}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{938F63DD-30B6-4B9F-8AB7-24C441C39199}" => Key deleted successfully.
C:\Windows\System32\Tasks\{EEF15B95-7EC1-4E15-BE6A-718436A7DAE6} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EEF15B95-7EC1-4E15-BE6A-718436A7DAE6}" => Key deleted successfully.
"C:\Users\Norbert\AppData\Roaming\webssearches" => File/Directory not found.
C:\Users\Norbert Fohr => ":zylomtest" ADS removed successfully.
C:\Users\Norbert Fohr => ":zylomtr{000HQ7FF-AD7A-3FG3-8AT4-258NF6K78VVT}" ADS removed successfully.
C:\Users\Norbert Fohr => ":zylomtr{000HQ7FF-AD7A-3FG3-L1G2-28QRSPMS6VVH}" ADS removed successfully.
C:\ProgramData\TEMP => ":07BF512B" ADS removed successfully.
C:\ProgramData\TEMP => ":C3AE45C9" ADS removed successfully.
C:\ProgramData\TEMP => "1B5B4F1" ADS removed successfully.
EmptyTemp: => Removed 2.7 GB temporary data.


The system needed a reboot.

==== End of Fixlog 22:47:12 ====

Bis nachher
Nofo

Hallo Sunjojo,

zuerst noch eine Information: Heute nach dem Hochfahren erschien folgende Fehlermeldung:
"Avira Sicherheitshinweis. Der Zugriff auf die Datei ".......V BoxRes.dll" mit dem Virus oder dem unerwünschten Programm "TR/Crypt.cfi.8353" wurde blockiert". Ich habe es nicht entfernt.

Nun zur Beantwortung:

Schritt 1:

ich sende Dir den Fixlog.txt

Wenn ich hier auf die "#" Symbol drücke, passiert gar nichts. Deshalb sende ich es einfach so:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-03-2015 01
Ran by Norbert at 2015-03-10 11:58:19 Run:2
Running from C:\Users\Norbert\Downloads
Loaded Profiles: Norbert (Available profiles: Norbert)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6079848 2015-01-14] (Reimage®)
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1418551854&from=cvs2&uid=HitachiXHTS545025B9A300_090808PB4206QSJA1XWAX
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^man000^YYA^&ptb=AD00C554-0FFF-46C3-9918-7F98868B9CF5&ind=2014103117&n=780cc64d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_frmr_14_20_ie&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtB0A0EtD0F0BtBtB0CzytN0D0Tzu0SzzyCzztN1L2XzutBtFtBtDtFtCtAtFtCtN1L1 CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0Bzy0E0ByEtCyBtGyByByCtBtGtD0B0DzytG0DyEzy0AtGyDyD0C0EyBtC0A0CtAtBtBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EyCtA0Fy B0FyEtG0A0E0EtAtG0E0F0FyBtG0CyEyD0BtGtA0EyCzy0BtDtA0AtCzyzzyD2Q&cr=2002027499&ir=
SearchScopes: HKLM -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm065^YYA^at&si=flvrunner&ptb=5D93837E-53C2-4E70-BB82-266EE7848008&ind=2013073106&n=77fd0ed2&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^man000^YYA^&ptb=AD00C554-0FFF-46C3-9918-7F98868B9CF5&ind=2014103117&n=780cc64d&psa=&st=sb&searchfor={searchTerms}
Toolbar: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> No Name - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} - No File
Toolbar: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File
cmd: netsh winsock reset
2015-02-10 14:03 - 2015-02-26 21:28 - 00000000 ____D () C:\ProgramData\16a379cb768f4632acbd7bc4c211ef27
2015-02-10 14:03 - 2015-02-10 14:03 - 00000000 ____D () C:\ProgramData\ca7f1237741e43bb9b5f364c67c93027
2015-02-10 14:03 - 2015-02-07 21:45 - 00318616 _____ (Over the Rainbow Tech) C:\Windows\system32\ColorMedia.dll
2015-03-07 12:10 - 2015-03-07 12:11 - 00000000 ____D () C:\ProgramData\Reimage Protector
2015-03-07 12:09 - 2015-03-07 12:32 - 00000000 ___DC () C:\Program Files\Reimage
2015-03-07 12:09 - 2015-03-07 12:12 - 00000000 ____D () C:\rei
2015-02-27 19:46 - 2015-02-27 19:48 - 06340808 _____ (SpeedMaxPc) C:\Users\Norbert\Downloads\SpeedMaxpc_installer_de.exe
2015-02-27 20:26 - 2015-01-13 15:42 - 00000000 ____D () C:\ProgramData\SpeedMaxPc
Task: {632DAA04-8A97-4C86-8868-68F0831DCF41} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®) <==== ATTENTION
Task: {938F63DD-30B6-4B9F-8AB7-24C441C39199} - System32\Tasks\{EEF15B95-7EC1-4E15-BE6A-718436A7DAE6} => pcalua.exe -a C:\Users\Norbert\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs2 <==== ATTENTION
C:\Users\Norbert\AppData\Roaming\webssearches
AlternateDataStreams: C:\Users\Norbert Fohr:zylomtest
AlternateDataStreams: C:\Users\Norbert Fohr:zylomtr{000HQ7FF-AD7A-3FG3-8AT4-258NF6K78VVT}
AlternateDataStreams: C:\Users\Norbert Fohr:zylomtr{000HQ7FF-AD7A-3FG3-L1G2-28QRSPMS6VVH}
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\ProgramData\TEMP:C3AE45C9
AlternateDataStreams: C:\ProgramData\TEMP1B5B4F1
EmptyTemp:
*****************

ReimageRealTimeProtector => Service not found.
C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe => No running process found
C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe => No running process found
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{63894242-d1a7-4235-a425-c124cb8f4633} => Key not found.
HKCR\CLSID\{63894242-d1a7-4235-a425-c124cb8f4633} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03} => Key not found.
HKCR\CLSID\{75b4241f-171e-44a3-bf44-23613b6e3e03} => Key not found.
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{63894242-d1a7-4235-a425-c124cb8f4633} => Key not found.
HKCR\CLSID\{63894242-d1a7-4235-a425-c124cb8f4633} => Key not found.
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value not found.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} => Value not found.
HKCR\CLSID\{1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} => Key not found.
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7E111A5C-3D11-4F56-9463-5310C3C69025} => Value not found.
HKCR\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025} => Key not found.

========= netsh winsock reset =========


Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en.


========= End of CMD: =========

"C:\ProgramData\16a379cb768f4632acbd7bc4c211ef27" => File/Directory not found.
"C:\ProgramData\ca7f1237741e43bb9b5f364c67c93027" => File/Directory not found.
"C:\Windows\system32\ColorMedia.dll" => File/Directory not found.
"C:\ProgramData\Reimage Protector" => File/Directory not found.
"C:\Program Files\Reimage" => File/Directory not found.
"C:\rei" => File/Directory not found.
"C:\Users\Norbert\Downloads\SpeedMaxpc_installer_de.exe" => File/Directory not found.
"C:\ProgramData\SpeedMaxPc" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{632DAA04-8A97-4C86-8868-68F0831DCF41} => Key not found.
C:\Windows\System32\Tasks\ReimageUpdater not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{938F63DD-30B6-4B9F-8AB7-24C441C39199} => Key not found.
C:\Windows\System32\Tasks\{EEF15B95-7EC1-4E15-BE6A-718436A7DAE6} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EEF15B95-7EC1-4E15-BE6A-718436A7DAE6} => Key not found.
"C:\Users\Norbert\AppData\Roaming\webssearches" => File/Directory not found.
"C:\Users\Norbert Fohr" => ":zylomtest" ADS not found.
"C:\Users\Norbert Fohr" => ":zylomtr{000HQ7FF-AD7A-3FG3-8AT4-258NF6K78VVT}" ADS not found.
"C:\Users\Norbert Fohr" => ":zylomtr{000HQ7FF-AD7A-3FG3-L1G2-28QRSPMS6VVH}" ADS not found.
"C:\ProgramData\TEMP" => ":07BF512B" ADS not found.
"C:\ProgramData\TEMP" => ":C3AE45C9" ADS not found.
"C:\ProgramData\TEMP" => "1B5B4F1" ADS not found.
EmptyTemp: => Removed 19.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 11:58:43 ====


Ende der Sendung, ich bin bei Schritt 2. Wie bekomme ich hier ein Logfile?

Bis später
Norbert

Hallo Jonas,
hier kommt Schritt 2 Malwarebytes Anti-Malware:
Ich kann es leider wieder nur hier mitsenden:


Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

09.03.2010 14:25:19
mbam-log-2010-03-09 (14-25-19).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|)
Durchsuchte Objekte: 292256
Laufzeit: 1 hour(s), 45 minute(s), 16 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Liebe Grüße
Norbert

Moin,

Zitat:

zuerst noch eine Information: Heute nach dem Hochfahren erschien folgende Fehlermeldung:
"Avira Sicherheitshinweis. Der Zugriff auf die Datei ".......V BoxRes.dll" mit dem Virus oder dem unerwünschten Programm "TR/Crypt.cfi.8353" wurde blockiert". Ich habe es nicht entfernt.

Kannst du dazu bitte den genauen Fund posten, am besten ein Logfile, bzw. einen Screenshot?

Zitat:

Wenn ich hier auf die "#" Symbol drücke, passiert gar nichts. Deshalb sende ich es einfach so:

Komisch, wenn ich auf das #-Symbol drücke kommt bei mir folgendes: [code][/code]. Dazwischen müsstest du dann das Logfile posten .

Dann mache bitte mit Schritt 3 und 4 weiter.

Hallo Sunjojo,
hier bin ich wieder. Ich habe das System mit Malwarebytes Anti-Malware gescannt. Ergebnis: nichts gefunden.
Jetzt mache ich Schritt 3: ESET Online Scanner und melde mich dann wieder.

Bis dann
nofo

Hallo, hier ist wieder nofo,

Hier kommt log.txt:

SETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e9760099d8893449b68fb6b7da0adac9
# engine=22839
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-10 01:56:33
# local_time=2015-03-10 02:56:33 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 58054 1193918 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 5903 177626984 0 0
# scanned=20
# found=0
# cleaned=0
# scan_time=64

Grüße
Norbert

Hallo,
nofo ist wieder hier.

derzeit sind die Probleme weg, bis auf die Länge des Internetverbindungsaufbaues. Abstürze gab es vorläufig keine.

Schritt 4 ist erledigt - hier ist das Logfile:
FRST Logfile:

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-03-2015 01
Ran by Norbert (administrator) on NORBERT-PC on 10-03-2015 15:24:04
Running from C:\Users\Norbert\Downloads
Loaded Profiles: Norbert (Available profiles: Norbert)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(C-Dilla Ltd) C:\Windows\System32\drivers\CDAC11BA.EXE
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(UNIQA) C:\Program Files\UNIQA\VIPService\VIPService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-09] (Avast Software s.r.o.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SDTray] => rem "c:\program files\spybot - search & destroy 2\sdtray.exe"
HKLM\...\Run: [Avira Systray] => c:\program files\avira\my avira\avira.oe.systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\...\MountPoints2: {3f185b13-3f15-11e2-b54a-00238bf67a69} - F:\DPFMate.exe
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\...\MountPoints2: {3f185b2d-3f15-11e2-b54a-00238bf67a69} - G:\DPFMate.exe
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\...\MountPoints2: {651ed203-6c99-11e4-b745-00238bf67a69} - F:\Startme.exe
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\...\MountPoints2: {6fb53fff-0dd4-11e0-a813-00238bf67a69} - F:\Setup.exe
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\...\MountPoints2: {94fb3515-992b-11e1-ac6f-00238bf67a69} - E:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\...\MountPoints2: {be4a688e-5602-11e4-a871-00238bf67a69} - F:\Startme.exe
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk
ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-2427394065-3725693352-322908783-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = https://www.google.com/search?q={searchTerms}
BHO: CBAbzockschutz.InitToolbarBHO -> {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} ->  No File
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2014-09-04] (LastPass)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKLM - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2014-09-04] (LastPass)
Toolbar: HKU\S-1-5-21-2427394065-3725693352-322908783-1001 -> ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: schmap-help - No CLSID Value -  []
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\p41lyn23.default
FF Homepage: hxxp://www.google.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass64.dll [2014-09-04] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2427394065-3725693352-322908783-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Norbert\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-2427394065-3725693352-322908783-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Norbert\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF SearchPlugin: C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\p41lyn23.default\searchplugins\c7427947-d59e-4bfe-a111-28cf88faa484.xml [2013-02-10]
FF Extension: Amazon-Icon - C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\p41lyn23.default\Extensions\amazon-icon@giga.de [2014-06-06]
FF Extension: LastPass - C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\p41lyn23.default\Extensions\support@lastpass.com [2014-09-04]
FF Extension: Preispilot - C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\p41lyn23.default\Extensions\extension@preispilot.com.xpi [2013-02-10]
FF Extension: Adblock Plus - C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\p41lyn23.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-04]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-24]
FF HKU\S-1-5-21-2427394065-3725693352-322908783-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-24]
CHR Extension: (Google Docs) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-24]
CHR Extension: (Google Drive) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-24]
CHR Extension: (YouTube) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-24]
CHR Extension: (Google Search) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-24]
CHR Extension: (Google Sheets) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-24]
CHR Extension: (Avira Browser Safety) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-24]
CHR Extension: (Avast Online Security) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-24]
CHR Extension: (Google Wallet) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-24]
CHR Extension: (Gmail) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-07]

Opera: 
=======
OPR Extension: (No Name) - C:\Users\Norbert\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2014-11-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-06] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-06] (Avast Software)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 C-DillaCdaC11BA; C:\Windows\system32\drivers\CDAC11BA.EXE [39936 2010-08-28] (C-Dilla Ltd) [File not signed]
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
R2 VIPService; C:\Program Files\UNIQA\VIPService\VIPService.exe [80624 2011-09-26] (UNIQA) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015x\RpcAgentSrv.exe [X]
S2 SDScannerService; "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" [X]
S2 SDUpdateService; "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" [X]
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-03-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-06] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427480 2015-03-06] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-03-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206976 2015-03-06] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3310592 2014-11-09] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-10] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2010-08-16] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2010-08-16] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-31] (Avira GmbH)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-10-01] (RapidSolution Software AG)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-06-23] (TuneUp Software)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-06] (Avast Software)
S3 cpuz134; \??\C:\Users\Norbert\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015x\WNt600x86\Sandra.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 14:31 - 2015-03-10 14:32 - 02347384 _____ (ESET) C:\Users\Norbert\Downloads\esetsmartinstaller_deu.exe
2015-03-10 12:34 - 2015-03-10 12:50 - 00196608 ___HT () C:\Users\Norbert\Documents\~Outlook.pst.tmp
2015-03-08 13:01 - 2015-03-08 17:06 - 00063625 _____ () C:\Users\Norbert\Downloads\Addition.txt
2015-03-08 12:59 - 2015-03-10 15:24 - 00018542 _____ () C:\Users\Norbert\Downloads\FRST.txt
2015-03-08 12:58 - 2015-03-10 15:24 - 00000000 ____D () C:\FRST
2015-03-08 12:57 - 2015-03-08 12:57 - 01134592 _____ (Farbar) C:\Users\Norbert\Downloads\FRST.exe
2015-03-08 12:56 - 2015-03-08 12:56 - 00000000 _____ () C:\Users\Norbert\defogger_reenable
2015-03-08 12:54 - 2015-03-08 12:54 - 00000248 _____ () C:\Users\Norbert\Downloads\defogger_enable.log
2015-03-08 12:52 - 2015-03-08 12:53 - 00050477 _____ () C:\Users\Norbert\Downloads\Defogger(2).exe
2015-03-08 12:48 - 2015-03-08 12:56 - 00000476 _____ () C:\Users\Norbert\Downloads\defogger_disable.log
2015-03-08 12:46 - 2015-03-08 12:46 - 00050477 _____ () C:\Users\Norbert\Downloads\Defogger(1).exe
2015-03-08 12:45 - 2015-03-08 12:46 - 00050477 _____ () C:\Users\Norbert\Downloads\Defogger.exe
2015-03-07 22:09 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-03-07 22:08 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-03-07 22:08 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-03-07 22:08 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-03-07 19:19 - 2015-03-07 19:19 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-07 19:19 - 2015-03-07 19:19 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-07 19:19 - 2015-03-07 19:19 - 00000000 ___DC () C:\Program Files\Mozilla Maintenance Service
2015-03-07 19:04 - 2015-03-07 19:04 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\AVAST Software
2015-03-07 18:25 - 2015-03-06 22:37 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-07 17:46 - 2015-03-07 17:56 - 00002888 _____ () C:\Users\Norbert\Desktop\Windows-Kompatibilitätsbericht.htm
2015-03-07 11:20 - 2014-12-21 11:43 - 00094371 ____N () C:\Windows\system32\athwb.cat
2015-03-07 11:20 - 2014-12-11 21:47 - 03247104 ____N (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\athwb.sys
2015-03-07 11:20 - 2014-11-24 12:37 - 00092290 ____N () C:\Windows\system32\athrext.cat
2015-03-07 11:20 - 2014-11-09 19:10 - 03310592 ____N (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\athr.sys
2015-03-07 11:20 - 2014-11-09 19:10 - 03310592 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athr.sys
2015-03-07 11:19 - 2015-03-07 11:21 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2015-03-07 11:15 - 2015-03-07 11:18 - 00000000 ____D () C:\Users\Norbert\Downloads\Atheros AR5B91 Wireless Network Adapter 125773d8e5e369236226a85ec4973f81
2015-03-07 11:11 - 2015-03-07 11:11 - 00000000 ____D () C:\backup
2015-03-07 11:09 - 2015-03-07 11:09 - 00061100 _____ () C:\Users\Norbert\PCHA-Log-07-03-15-11-09-02.zip
2015-03-07 11:05 - 2015-03-10 12:00 - 00000474 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-03-07 11:05 - 2015-03-07 17:19 - 00000422 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2015-03-07 11:05 - 2015-03-07 11:50 - 00000448 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2015-03-07 11:05 - 2015-03-07 11:25 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-03-07 11:05 - 2015-03-07 11:05 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\ParetoLogic
2015-03-07 11:05 - 2015-03-07 11:05 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2015-03-07 09:24 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-03-06 22:38 - 2015-03-07 18:26 - 00002003 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-06 22:37 - 2015-03-06 22:37 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-06 21:41 - 2015-03-06 21:41 - 00000000 ___DC () C:\Program Files\Reference Assemblies
2015-03-06 21:41 - 2015-03-06 21:41 - 00000000 ___DC () C:\Program Files\MSBuild
2015-03-06 21:41 - 2015-03-06 21:41 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-03-06 17:15 - 2015-03-06 19:44 - 00282338 _____ () C:\Users\Norbert\Documents\Systembericht.txt
2015-03-06 17:08 - 2015-03-07 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
2015-03-06 17:08 - 2015-03-06 21:49 - 14454784 _____ () C:\Users\Norbert\AppData\Roaming\Sandra.mdb
2015-03-06 17:07 - 2015-03-07 12:36 - 00000000 ___DC () C:\Program Files\SiSoftware
2015-03-06 10:52 - 2015-03-06 10:52 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2015-03-06 09:38 - 2015-03-06 09:43 - 02288552 _____ () C:\Users\Norbert\Documents\zuverlässigkeit.XML
2015-03-06 01:25 - 2015-03-06 01:25 - 00000000 ____D () C:\AVAST Software
2015-03-05 15:35 - 2015-03-06 12:23 - 00000000 ____D () C:\Users\Norbert\Desktop\Neuer Ordner (2)
2015-03-05 15:34 - 2015-03-07 10:53 - 00000000 ____D () C:\Users\Norbert\Desktop\Windows Berater
2015-03-05 13:13 - 2015-03-06 01:18 - 00000000 ____D () C:\Users\Norbert\Downloads\Omnimo 6.0.5
2015-03-05 12:36 - 2015-03-05 12:36 - 00000000 ____D () C:\Users\Norbert\Desktop\Neuer Ordner
2015-02-27 20:31 - 2015-02-27 20:31 - 02126848 _____ () C:\Users\Norbert\Downloads\adwcleaner_4.111.exe
2015-02-27 17:04 - 2012-04-03 10:04 - 09462335 ____N () C:\Users\Norbert\Downloads\VirtualBox.exe
2015-02-27 16:53 - 2015-03-06 13:27 - 00000000 ____D () C:\Users\Norbert\Downloads\windows_8-toolbox (1)
2015-02-27 16:42 - 2015-03-10 12:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-27 16:42 - 2015-03-06 14:49 - 00001076 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-27 16:42 - 2015-03-06 14:49 - 00000000 ___DC () C:\Program Files\ Malwarebytes Anti-Malware 
2015-02-27 16:42 - 2015-03-06 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-27 16:42 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-27 16:42 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-27 16:42 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-27 16:38 - 2015-02-27 16:41 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Norbert\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-02-27 16:38 - 2015-02-27 16:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Norbert\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-26 19:44 - 2015-02-26 19:50 - 00000000 ___RD () C:\Users\Norbert\Downloads\Informationen_Kontobewegung_februar_2015 (1)
2015-02-26 18:06 - 2015-03-06 13:27 - 00000000 ____D () C:\Users\Norbert\Downloads\windows_8-toolbox
2015-02-25 21:31 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-25 21:31 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-25 21:31 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-25 08:00 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 20:46 - 2015-03-06 13:18 - 00000000 ___DC () C:\Program Files\VS Revo Group
2015-02-24 20:46 - 2015-02-24 20:46 - 00001240 _____ () C:\Users\Norbert\Desktop\Revo Uninstaller.lnk
2015-02-24 20:45 - 2015-02-24 20:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Norbert\Downloads\revosetup95.exe
2015-02-24 20:20 - 2015-03-07 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-24 20:18 - 2015-03-06 22:38 - 00427480 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-02-24 20:18 - 2015-03-06 22:38 - 00206976 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-24 20:18 - 2015-03-06 22:38 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-02-24 20:18 - 2015-03-06 22:38 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-24 20:18 - 2015-03-06 22:38 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-02-24 20:18 - 2015-03-06 22:38 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-24 20:18 - 2015-03-06 22:38 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-24 20:18 - 2015-03-06 22:37 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-02-24 20:17 - 2015-03-07 18:16 - 00000000 ___DC () C:\Program Files\AVAST Software
2015-02-24 20:15 - 2015-02-24 20:15 - 00000000 ____D () C:\Users\Norbert\Downloads\avast_free_antivirus_setup (4)
2015-02-24 19:52 - 2015-02-24 19:55 - 132469808 _____ (AVAST Software) C:\Users\Norbert\Downloads\avast_free_antivirus_setup (3).exe
2015-02-24 19:52 - 2015-02-24 19:55 - 132469808 _____ (AVAST Software) C:\Users\Norbert\Downloads\avast_free_antivirus_setup (2).exe
2015-02-24 19:52 - 2015-02-24 19:53 - 132469808 _____ (AVAST Software) C:\Users\Norbert\Downloads\avast_free_antivirus_setup (4).exe
2015-02-24 18:44 - 2015-02-24 18:44 - 00000000 ____D () C:\Users\Norbert\Downloads\spacesniffer_1_2_0_2
2015-02-24 18:12 - 2015-02-24 18:12 - 06848648 _____ (JAM Software ) C:\Users\Norbert\Downloads\TreeSizeFreeSetup330.exe
2015-02-24 17:40 - 2015-02-24 17:41 - 02960081 _____ () C:\Users\Norbert\Downloads\Autostart-Manager64_Setup.exe
2015-02-24 15:00 - 2015-02-24 15:00 - 00001134 _____ () C:\Users\Norbert\Desktop\Weidling Beweissicherung - Verknüpfung.lnk
2015-02-24 14:49 - 2015-03-07 12:39 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-24 14:49 - 2015-03-07 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-24 14:49 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-02-24 14:47 - 2015-02-24 14:47 - 00000000 ____D () C:\Users\Norbert\Downloads\Free_Commander_v2009_02b
2015-02-24 14:47 - 2015-02-24 14:47 - 00000000 ____D () C:\Users\Norbert\Downloads\DirectoryListPrintDE_v3_8
2015-02-24 14:43 - 2015-02-24 14:46 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Norbert\Downloads\spybot-2.4.exe
2015-02-24 14:39 - 2015-02-24 14:41 - 03788928 _____ (Ghisler Software GmbH) C:\Users\Norbert\Downloads\tcmd851ax32.exe
2015-02-24 13:11 - 2014-02-27 12:56 - 00000000 ____D () C:\Users\Norbert\Downloads\Free Commander
2015-02-24 13:05 - 2015-03-06 13:27 - 00000000 ___DC () C:\Program Files\Windows 7-Geschenk-DVD
2015-02-24 13:05 - 2015-03-06 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7-Geschenk-DVD
2015-02-24 13:05 - 2015-03-06 13:25 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\Windows 7-Geschenk-DVD
2015-02-24 13:05 - 2015-02-24 13:05 - 00002047 _____ () C:\Users\Norbert\Desktop\Windows 7-Geschenk-DVD.lnk
2015-02-20 21:42 - 2015-02-20 21:42 - 00000000 ____D () C:\Windows\Crystal
2015-02-20 21:42 - 2015-02-20 21:42 - 00000000 ____D () C:\MEINHAUSPLANER
2015-02-20 21:42 - 2010-10-13 05:43 - 00882608 _____ (Codejock Software) C:\Windows\system32\Codejock.TaskPanel.v13.4.2.ocx
2015-02-20 21:42 - 2010-10-13 05:42 - 01370032 _____ (Codejock Software) C:\Windows\system32\Codejock.ReportControl.v13.4.2.ocx
2015-02-20 21:42 - 2006-04-06 17:13 - 01276088 _____ (Codejock Software) C:\Windows\system32\Codejock.CommandBars.v10.1.ocx
2015-02-20 21:42 - 2006-04-06 17:13 - 00338104 _____ (Codejock Software) C:\Windows\system32\Codejock.TaskPanel.v10.1.ocx
2015-02-20 21:42 - 2006-04-06 16:13 - 00460984 _____ (Codejock Software) C:\Windows\system32\Codejock.ReportControl.v10.1.ocx
2015-02-20 21:42 - 2004-04-27 14:47 - 00167176 _____ (/n software inc. - www.nsoftware.com) C:\Windows\system32\ftps60.ocx
2015-02-20 21:42 - 2003-02-07 13:18 - 00326656 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltvec12n.ocx
2015-02-20 21:42 - 2003-02-07 13:18 - 00176128 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltlst12n.ocx
2015-02-20 21:42 - 2003-02-07 13:18 - 00094208 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltodb12n.ocx
2015-02-20 21:42 - 2003-02-07 13:17 - 00140288 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lttmb12n.ocx
2015-02-20 21:42 - 2003-02-07 13:16 - 00340480 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTDLG12n.ocx
2015-02-20 21:42 - 2003-02-07 13:04 - 00181248 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lfpng12n.dll
2015-02-20 21:42 - 2003-02-07 13:02 - 00182272 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltvid12n.dll
2015-02-20 21:42 - 2003-02-07 13:02 - 00049664 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lfwmf12n.dll
2015-02-20 21:42 - 2003-02-07 13:02 - 00047104 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfXpm12n.dll
2015-02-20 21:42 - 2003-02-07 13:02 - 00045568 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfXbm12n.dll
2015-02-20 21:42 - 2003-02-07 13:02 - 00026112 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfxwd12n.dll
2015-02-20 21:42 - 2003-02-07 13:02 - 00020992 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfwpg12n.dll
2015-02-20 21:42 - 2003-02-07 13:02 - 00020992 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lftga12n.dll
2015-02-20 21:42 - 2003-02-07 13:02 - 00019968 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfwfx12n.dll
2015-02-20 21:42 - 2003-02-07 13:02 - 00019456 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfras12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00102400 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfmpg12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00089088 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfjbg12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00084480 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lffpx12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00063488 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lfplt12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00060416 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lfpct12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00048128 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfica12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00038912 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfflc12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00037888 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfeps12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00036864 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfpsd12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00035328 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfgif12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00031744 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lflmb12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00031232 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LFPNM12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00029184 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lflma12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00027648 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfiff12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00026112 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfpcx12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00020992 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfimg12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00019968 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfpcd12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00019968 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfitg12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00019456 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfmsp12n.dll
2015-02-20 21:42 - 2003-02-07 13:01 - 00018944 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfmac12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00482816 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfdwf12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00215552 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lvkrn12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00139264 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lfdxf12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00067584 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfdwg12N.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00058880 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lfcgm12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00049152 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltlst12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00047616 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lfdgn12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00046080 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lfdrw12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00035840 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfcal12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00032256 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lttmb12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00030720 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfbmp12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00028672 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfclp12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00026112 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfani12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00023040 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfawd12n.dll
2015-02-20 21:42 - 2003-02-07 13:00 - 00021504 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfCUT12n.dll
2015-02-20 21:42 - 2003-02-07 12:59 - 00307712 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTDLG12n.dll
2015-02-20 21:42 - 2003-02-07 12:59 - 00062464 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltnet12n.dll
2015-02-20 21:42 - 2003-02-07 12:59 - 00053248 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltcap12n.dll
2015-02-20 21:42 - 2003-02-07 12:14 - 00630272 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTOCX12n.ocx
2015-02-20 21:42 - 2003-02-07 12:03 - 00358912 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LFCMP12n.DLL
2015-02-20 21:42 - 2003-02-07 12:02 - 00141312 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LFTIF12n.DLL
2015-02-20 21:42 - 2003-02-07 12:00 - 00073728 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LFFAX12n.DLL
2015-02-20 21:42 - 2003-02-07 11:59 - 00208384 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTEFX12n.dll
2015-02-20 21:42 - 2003-02-07 11:59 - 00164864 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTIMG12n.dll
2015-02-20 21:42 - 2003-02-07 11:59 - 00035840 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTTWN12n.dll
2015-02-20 21:42 - 2003-02-07 11:58 - 00388096 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTKRN12n.dll
2015-02-20 21:42 - 2003-02-07 11:58 - 00259584 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTDIS12n.dll
2015-02-20 21:42 - 2003-02-07 11:58 - 00131072 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTFIL12n.dll
2015-02-20 21:42 - 2003-01-24 15:59 - 00018944 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfavi12n.dll
2015-02-20 21:42 - 2002-08-23 16:50 - 00204800 _____ () C:\Windows\system32\NumX.ocx
2015-02-20 21:42 - 2002-06-27 11:36 - 00598016 _____ (Key Company) C:\Windows\system32\KeyTV3.ocx
2015-02-20 21:42 - 2000-12-16 20:45 - 00032768 _____ () C:\Windows\system32\WKAuxil.dll
2015-02-20 21:42 - 2000-10-12 20:46 - 00220160 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltvid12n.ocx
2015-02-20 21:42 - 2000-10-12 20:45 - 00160256 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltnet12n.ocx
2015-02-20 21:42 - 2000-10-12 20:44 - 00176128 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltcap12n.ocx
2015-02-20 21:42 - 2000-10-12 20:19 - 00158208 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lvdlg12n.dll
2015-02-20 21:42 - 2000-05-02 03:17 - 00212480 _____ (Eastman Kodak) C:\Windows\system32\PCDLIB32.DLL
2015-02-20 21:42 - 2000-04-12 15:28 - 00118784 _____ () C:\Windows\system32\lfkodak.dll
2015-02-20 21:42 - 2000-04-12 15:24 - 00338944 _____ () C:\Windows\system32\lffpx7.dll
2015-02-20 21:42 - 2000-02-10 09:46 - 00745472 _____ (Seagate Software, Inc.) C:\Windows\system32\crpe32_res_de.dll
2015-02-20 21:42 - 2000-02-03 03:16 - 00507904 _____ (Seagate Software) C:\Windows\system32\crviewer.dll
2015-02-20 21:42 - 2000-02-02 00:48 - 00036864 _____ (Seagate Software, Inc) C:\Windows\system32\p3smnde.dll
2015-02-20 21:42 - 2000-02-02 00:48 - 00036864 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p3sodde.dll
2015-02-20 21:42 - 2000-02-01 12:49 - 00848376 _____ (APEX Software Corporation) C:\Windows\system32\tdbl6.ocx
2015-02-20 21:42 - 2000-02-01 12:49 - 00242144 _____ (Apex Software Corporation) C:\Windows\system32\tdbgpp.dll
2015-02-20 21:42 - 2000-02-01 11:49 - 00106984 _____ (Apex Software Corporation) C:\Windows\system32\xarraydb.ocx
2015-02-20 21:42 - 2000-01-28 08:16 - 05550080 _____ (Seagate Software, Inc.) C:\Windows\system32\craxdrt.dll
2015-02-20 21:42 - 2000-01-28 08:16 - 05337088 _____ (Seagate Software, Inc.) C:\Windows\system32\crpe32.dll
2015-02-20 21:42 - 2000-01-27 04:05 - 00270336 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2sodbc.dll
2015-02-20 21:42 - 2000-01-14 04:58 - 00544768 _____ (Seagate Software, Inc.) C:\Windows\system32\exlate32.dll
2015-02-20 21:42 - 2000-01-11 08:10 - 00442368 _____ (Seagate Software, Inc) C:\Windows\system32\cpeaut32.dll
2015-02-20 21:42 - 2000-01-11 00:09 - 00618496 _____ (Seagate Software) C:\Windows\system32\crpaig80.dll
2015-02-20 21:42 - 2000-01-07 01:15 - 00040960 _____ (Seagate Software, Inc) C:\Windows\system32\cdo32.dll
2015-02-20 21:42 - 1999-12-15 00:17 - 00147456 _____ (Seagate Software, Inc) C:\Windows\system32\p2smon.dll
2015-02-20 21:42 - 1999-12-08 02:59 - 00024576 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p3rdode.dll
2015-02-20 21:42 - 1999-12-08 02:59 - 00024576 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p3ddode.dll
2015-02-20 21:42 - 1999-12-07 00:31 - 00094208 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2sevt.dll
2015-02-20 21:42 - 1999-12-07 00:31 - 00094208 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2bdao.dll
2015-02-20 21:42 - 1999-12-07 00:31 - 00061440 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2irdao.dll
2015-02-20 21:42 - 1999-12-07 00:31 - 00053248 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2ctdao.dll
2015-02-20 21:42 - 1999-12-07 00:31 - 00023040 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2bbnd.dll
2015-02-20 21:42 - 1999-12-07 00:31 - 00017920 _____ () C:\Windows\system32\implode.dll
2015-02-20 21:42 - 1999-12-06 11:47 - 00851420 _____ (Seagate Software, Inc.) C:\Windows\system32\crystl32.ocx
2015-02-20 21:42 - 1999-12-01 03:15 - 00004096 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p3dbdde.dll
2015-02-20 21:42 - 1999-11-15 06:53 - 00036864 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p3sevde.dll
2015-02-20 21:42 - 1999-11-08 06:15 - 00020480 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p3tdode.dll
2015-02-20 21:42 - 1999-10-22 07:33 - 00565760 _____ (Microsoft Corporation) C:\Windows\system32\Msvcp50.dll
2015-02-20 21:42 - 1999-06-07 12:59 - 00801464 _____ (APEX Software Corporation) C:\Windows\system32\tdbg6.ocx
2015-02-20 21:42 - 1999-05-07 01:00 - 00414944 _____ (Microsoft Corporation ) C:\Windows\system32\Comct332.ocx
2015-02-20 21:42 - 1999-05-07 01:00 - 00198640 _____ (Microsoft Corporation) C:\Windows\system32\Mci32.ocx
2015-02-20 21:42 - 1999-05-07 01:00 - 00082960 _____ (Microsoft Corporation) C:\Windows\system32\PicClp32.ocx
2015-02-20 21:42 - 1998-10-30 03:02 - 00595968 _____ (KL Group Inc.) C:\Windows\system32\Resizer.dll
2015-02-20 21:42 - 1998-10-30 03:02 - 00187904 _____ (KL Group Inc.) C:\Windows\system32\ResizerPPG.ocx
2015-02-20 21:42 - 1998-10-30 03:02 - 00132608 _____ (KL Group Inc.) C:\Windows\system32\ResizableControl.dll
2015-02-20 21:42 - 1998-10-30 03:02 - 00058880 _____ (KL Group Inc.) C:\Windows\system32\ResizableControlPPG.ocx
2015-02-20 21:42 - 1998-07-06 01:00 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Mscc2de.dll
2015-02-20 21:42 - 1998-07-06 01:00 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\MSComDE.dll
2015-02-20 21:42 - 1998-06-24 01:00 - 00103744 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMM32.OCX
2015-02-20 21:42 - 1998-06-18 01:00 - 00299008 _____ (Microsoft Corporation) C:\Windows\system32\MSDBRPTR.DLL
2015-02-20 21:42 - 1998-04-24 01:00 - 00005807 _____ () C:\Windows\system32\MSCALDEU.TLB
2015-02-20 21:42 - 1998-04-24 00:00 - 00250128 _____ (Microsoft Corporation) C:\Windows\system32\Mspdox35.dll
2015-02-20 21:42 - 1998-04-24 00:00 - 00250128 _____ (Microsoft Corporation) C:\Windows\system32\Msexcl35.dll
2015-02-20 21:42 - 1998-04-24 00:00 - 00166160 _____ (Microsoft Corporation) C:\Windows\system32\Msltus35.dll
2015-02-20 21:42 - 1998-04-24 00:00 - 00165648 _____ (Microsoft Corporation) C:\Windows\system32\Mstext35.dll
2015-02-20 21:42 - 1997-07-30 12:47 - 00099866 _____ (Microsoft Corporation) C:\Windows\system32\VB5DE.dll
2015-02-20 21:42 - 1997-01-10 21:37 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\ddao35.dll
2015-02-20 21:41 - 2015-02-20 22:00 - 00000000 ____D () C:\Program Files\Common Files\BAUSET
2015-02-20 21:41 - 1998-06-17 01:00 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\MFC42LOC.DLL
2015-02-20 21:41 - 1997-09-04 09:37 - 03782416 _____ () C:\Windows\system32\mso97.dll
2015-02-20 21:38 - 2013-02-15 17:31 - 00000000 ____D () C:\Users\Norbert\Downloads\mHpl Frei 50
2015-02-19 09:26 - 2015-02-19 09:26 - 00000000 ____D () C:\Users\Norbert\eTeks
2015-02-18 15:07 - 2015-03-07 18:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-18 15:06 - 2015-02-18 15:07 - 132469808 _____ (AVAST Software) C:\Users\Norbert\Downloads\avast_free_antivirus_setup (1).exe
2015-02-18 15:04 - 2015-02-18 15:05 - 132469808 _____ (AVAST Software) C:\Users\Norbert\Downloads\avast_free_antivirus_setup.exe
2015-02-18 14:46 - 2015-02-18 14:46 - 00000000 ____D () C:\Windows\system32\directx
2015-02-18 14:45 - 2015-02-18 14:47 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rigs of Rods 0.38.67
2015-02-18 14:45 - 2015-02-18 14:45 - 00000000 ____D () C:\Users\Norbert\Documents\Rigs of Rods 0.38
2015-02-18 14:44 - 2015-02-18 14:47 - 00000000 ___DC () C:\Program Files\Rigs of Rods 0.38
2015-02-18 14:42 - 2015-02-18 14:43 - 139017086 _____ (www.rigsofrods.com) C:\Users\Norbert\Downloads\RoR-Setup-0.38.67.exe
2015-02-17 06:50 - 2015-02-17 06:50 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\SuperEasy Software
2015-02-16 13:45 - 2015-02-16 13:45 - 00011919 _____ () C:\Users\Norbert\Documents\Mayerbrugger Masse.xlsx
2015-02-15 20:56 - 2015-02-17 07:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigel
2015-02-15 11:54 - 2004-12-07 11:11 - 00258352 _____ (Microsoft Corporation) C:\Windows\system32\unicows.dll
2015-02-12 21:24 - 2015-03-09 22:49 - 00577478 _____ () C:\Windows\PFRO.log
2015-02-12 16:34 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 16:34 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 19:47 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 19:47 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 19:47 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 19:47 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 19:47 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 19:47 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 19:47 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 19:47 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 19:47 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 19:47 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 19:47 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 19:47 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 19:47 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 19:46 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 19:46 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 19:46 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 19:46 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 19:46 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 19:46 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 19:46 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 19:46 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 19:46 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 19:46 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 19:46 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 19:45 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 19:45 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 19:45 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 19:45 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 19:45 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 19:45 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 19:45 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 19:45 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 19:45 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 19:45 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 19:45 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 19:45 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 19:45 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 19:45 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 19:45 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 19:45 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 19:45 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 19:45 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 19:45 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 19:45 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 19:45 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 19:45 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 19:45 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 19:45 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 19:45 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 19:45 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 19:45 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 19:45 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 19:45 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 19:45 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 19:45 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 19:45 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 19:45 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 19:45 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 19:45 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 19:45 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 19:45 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 19:45 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 19:26 - 2015-03-10 12:00 - 00009548 _____ () C:\Windows\error.log
2015-02-11 19:26 - 2015-03-10 11:59 - 00004312 _____ () C:\Windows\setupact.log
2015-02-11 19:26 - 2015-03-10 11:59 - 00002133 _____ () C:\Windows\errord.log
2015-02-11 19:26 - 2015-02-11 19:26 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-10 14:03 - 2014-07-16 10:24 - 00036664 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2015-02-10 14:03 - 2014-07-16 10:24 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2015-02-10 14:02 - 2015-02-10 14:02 - 00002161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2015-02-10 14:02 - 2015-02-10 14:02 - 00000000 ____D () C:\Users\Norbert\AppData\Local\TuneUp Software
2015-02-10 14:02 - 2015-02-10 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
2015-02-10 14:01 - 2015-02-23 15:02 - 00000000 ___DC () C:\Program Files\TuneUp Utilities 2014
2015-02-10 13:59 - 2015-03-07 10:29 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 15:20 - 2011-06-06 21:30 - 400114688 _____ () C:\Users\Norbert\Documents\Outlook.pst
2015-03-10 15:16 - 2010-07-04 20:01 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-10 15:12 - 2014-11-06 19:47 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2427394065-3725693352-322908783-1001UA.job
2015-03-10 14:29 - 2012-04-16 00:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-10 12:46 - 2010-05-27 18:32 - 01630572 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-10 12:16 - 2010-07-04 20:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-10 12:10 - 2009-07-14 05:34 - 00020992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-10 12:10 - 2009-07-14 05:34 - 00020992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-10 12:07 - 2011-02-02 22:46 - 01786293 _____ () C:\Windows\WindowsUpdate.log
2015-03-10 12:00 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-10 11:29 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-03-09 22:22 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-08 17:06 - 2014-12-19 13:23 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\AllDup
2015-03-08 15:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-08 12:56 - 2010-05-27 18:29 - 00000000 ____D () C:\Users\Norbert
2015-03-07 22:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-07 21:04 - 2010-06-01 10:37 - 00000000 ____D () C:\Program Files\Google
2015-03-07 19:20 - 2012-10-03 08:39 - 00000000 ____D () C:\Users\Norbert\AppData\Local\Mozilla
2015-03-07 19:19 - 2013-01-19 21:53 - 00000000 ___DC () C:\Program Files\Mozilla Firefox
2015-03-07 18:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-03-07 18:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-03-07 18:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-03-07 12:44 - 2013-02-16 09:31 - 00000000 ___DC () C:\Program Files\JAM Software
2015-03-07 12:44 - 2013-02-16 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2015-03-07 12:41 - 2012-05-18 09:04 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\GHISLER
2015-03-07 12:24 - 2010-08-28 18:58 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-07 12:12 - 2014-11-14 18:33 - 00000158 _____ () C:\Windows\Reimage.ini
2015-03-07 11:58 - 2014-09-20 09:51 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-03-06 22:44 - 2011-01-17 15:26 - 00000000 ___DC () C:\Log
2015-03-06 17:12 - 2014-11-06 19:47 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2427394065-3725693352-322908783-1001Core.job
2015-03-06 16:44 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-03-06 13:34 - 2014-08-05 09:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-06 13:33 - 2013-07-31 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-06 13:27 - 2014-04-30 20:29 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2015-03-06 13:27 - 2013-04-15 14:36 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\Spamihilator
2015-03-06 13:25 - 2014-10-30 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-03-06 13:25 - 2014-10-30 16:43 - 00000000 ___DC () C:\Program Files\Sony
2015-03-06 13:25 - 2014-10-17 16:52 - 00000000 ___DC () C:\Program Files\Sony Mobile
2015-03-06 13:25 - 2014-10-17 16:52 - 00000000 ____D () C:\ProgramData\Sony Mobile
2015-03-06 13:25 - 2013-08-10 20:21 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\Opera Software
2015-03-06 13:25 - 2012-11-25 22:03 - 00000000 ____D () C:\Users\Norbert\Desktop\Bilder
2015-03-06 13:25 - 2010-05-31 13:59 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\Ahnenblatt
2015-03-06 13:24 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-03-06 13:20 - 2014-11-01 07:56 - 00000000 ____D () C:\Users\Norbert\Desktop\Friaul
2015-03-06 13:19 - 2010-03-12 10:21 - 00000000 ____D () C:\Users\Norbert Fohr\AppData\Roaming\IObit
2015-03-06 13:19 - 2009-01-31 19:19 - 00000000 ____D () C:\Users\Norbert Fohr\AppData\Roaming\OpenOffice.org
2015-03-06 13:19 - 2008-12-08 15:50 - 00000000 ____D () C:\Users\Norbert Fohr\AppData\Local\IM
2015-03-06 13:19 - 2007-08-20 17:39 - 00000000 ____D () C:\Users\Norbert Fohr\AppData\Roaming\Mozilla
2015-03-06 13:19 - 2007-08-20 17:39 - 00000000 ____D () C:\Users\Norbert Fohr\AppData\Local\Mozilla
2015-03-06 13:19 - 2007-04-02 21:58 - 00000000 ____D () C:\Users\Norbert Fohr\AppData\Roaming\CyberLink
2015-03-06 13:19 - 2007-03-26 15:30 - 00000000 ____D () C:\Users\Norbert Fohr\AppData\Roaming\Adobe
2015-03-06 13:19 - 2007-03-26 15:30 - 00000000 ____D () C:\Users\Norbert Fohr\AppData\Local\Adobe
2015-03-06 13:19 - 2007-03-26 10:35 - 00000000 ____D () C:\Users\Norbert Fohr\Documents\Privat
2015-03-06 13:19 - 2007-03-26 09:37 - 00000000 ____D () C:\Users\Norbert Fohr\AppData\Local\VirtualStore
2015-03-06 13:19 - 2007-03-26 09:37 - 00000000 ____D () C:\Users\Norbert Fohr
2015-03-06 13:16 - 2013-07-31 11:14 - 00000000 ___DC () C:\Program Files\Avira
2015-03-06 12:46 - 2013-08-10 20:21 - 00000000 ____D () C:\Users\Norbert\AppData\Local\Opera Software
2015-03-06 10:10 - 2013-02-13 21:48 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\JAM Software
2015-03-03 16:34 - 2013-03-03 13:49 - 00039424 ___SH () C:\Users\Norbert\Thumbs.db
2015-02-27 20:36 - 2014-06-14 11:29 - 00000000 ____D () C:\AdwCleaner
2015-02-27 17:58 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-02-26 12:22 - 2014-12-20 20:04 - 00000000 ____D () C:\Users\Norbert\Documents\My Digital Editions
2015-02-26 08:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-02-25 21:20 - 2010-05-28 08:39 - 00000000 ____D () C:\Users\Norbert\Desktop\Vermietung
2015-02-25 16:46 - 2010-05-28 08:39 - 00000000 ____D () C:\Users\Norbert\Desktop\Buchhaltung
2015-02-25 12:17 - 2010-05-27 19:39 - 00000000 ____D () C:\Users\Norbert\AppData\Local\Microsoft Help
2015-02-24 21:07 - 2010-05-28 08:47 - 00000000 ____D () C:\Users\Norbert\Documents\Privat
2015-02-24 20:21 - 2010-06-01 10:54 - 00000000 ____D () C:\Users\Norbert\AppData\Local\Google
2015-02-24 17:41 - 2010-08-25 12:27 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-02-24 03:23 - 2010-05-27 18:53 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-22 20:54 - 2013-02-12 21:15 - 00005169 _____ () C:\Users\Norbert\Documents\Fixit50388.reg
2015-02-22 20:04 - 2010-05-27 19:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-20 21:42 - 2014-05-14 15:29 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-02-18 16:48 - 2014-12-02 10:08 - 00000000 ____D () C:\Users\Norbert\Downloads\ihre_telekom_mobilfunk_december_2014 (1)(3)
2015-02-18 14:46 - 2007-04-08 22:20 - 00000000 ____D () C:\Temp
2015-02-15 12:10 - 2012-12-02 14:26 - 00000000 ___DC () C:\Program Files\MyHeritage
2015-02-15 11:56 - 2012-12-02 14:27 - 00000000 ____D () C:\Users\Norbert\Documents\MyHeritage
2015-02-15 11:45 - 2010-05-31 13:59 - 00000000 ____D () C:\Users\Norbert\Documents\Ahnenblatt
2015-02-12 17:13 - 2014-02-03 09:50 - 00710656 ___SH () C:\Users\Norbert\Desktop\Thumbs.db
2015-02-12 08:34 - 2012-12-14 09:33 - 00352736 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 08:32 - 2014-12-10 22:30 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 08:32 - 2014-05-07 12:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 21:05 - 2013-08-03 06:56 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 20:56 - 2010-06-03 12:15 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 15:59 - 2013-02-14 19:03 - 00000000 __SHD () C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2015-02-10 15:59 - 2012-05-13 18:27 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2015-02-10 15:59 - 2011-01-17 16:14 - 00000000 ____D () C:\Users\Norbert\AppData\Local\Downloaded Installations
2015-02-10 15:51 - 2011-01-17 15:35 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-10 14:02 - 2011-01-17 15:36 - 00000000 ____D () C:\Users\Norbert\AppData\Roaming\TuneUp Software
2015-02-10 09:45 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2014-04-29 16:25 - 2014-09-04 19:22 - 15000576 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2012-02-20 11:46 - 2012-02-20 17:00 - 0007730 _____ () C:\Users\Norbert\AppData\Roaming\.freeciv-client-rc-2.3
2014-03-29 16:21 - 2014-04-02 22:45 - 0009933 _____ () C:\Users\Norbert\AppData\Roaming\.freeciv-client-rc-2.4
2014-01-25 15:20 - 2014-01-25 15:20 - 0012963 _____ () C:\Users\Norbert\AppData\Roaming\Kommagetrennte Werte (Windows).CAL
2015-02-27 19:50 - 2015-02-27 20:26 - 0000115 _____ () C:\Users\Norbert\AppData\Roaming\LogFile.txt
2014-11-01 10:38 - 2014-11-01 10:38 - 0012964 _____ () C:\Users\Norbert\AppData\Roaming\Microsoft Excel 97-2003.CAL
2015-03-06 17:08 - 2015-03-06 21:49 - 14454784 _____ () C:\Users\Norbert\AppData\Roaming\Sandra.mdb
2013-12-20 14:41 - 2014-03-30 17:42 - 0000158 _____ () C:\Users\Norbert\AppData\Roaming\WB.CFG
2011-05-12 08:20 - 2011-05-12 08:20 - 0000000 ____H () C:\Users\Norbert\AppData\Local\BIT74C1.tmp
2011-06-15 09:50 - 2011-06-15 09:50 - 0000000 ____H () C:\Users\Norbert\AppData\Local\BITCA02.tmp
2011-01-06 12:24 - 2014-07-20 16:06 - 0013312 _____ () C:\Users\Norbert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-10 17:45 - 2014-01-10 17:45 - 0000036 _____ () C:\Users\Norbert\AppData\Local\housecall.guid.cache
2011-01-13 15:02 - 2011-01-26 18:47 - 0007607 _____ () C:\Users\Norbert\AppData\Local\resmon.resmoncfg
2011-06-15 09:50 - 2011-06-15 09:50 - 0000000 _____ () C:\Users\Norbert\AppData\Local\{0B661C8B-9FC1-4E66-A045-5155F06F1CD8}
2011-06-14 12:34 - 2011-06-14 12:34 - 0000000 _____ () C:\Users\Norbert\AppData\Local\{5DF91D43-A0A6-4FA5-BC23-7A1C844E9BA5}
2011-05-12 08:20 - 2011-05-12 08:20 - 0000000 _____ () C:\Users\Norbert\AppData\Local\{8B72A529-5C34-402D-995A-49875747BF6F}
2011-03-08 11:11 - 2014-05-01 21:08 - 0003857 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Norbert\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-06 08:53

==================== End Of Log ============================
         

--- --- ---

--- --- ---

--- --- ---

Ich danke Dir sehr für die Hilfe - Schritt 1 bis 4 ist glaube ich erledigt. Ich weiss nicht, ob noch etwas getan werden sollte.

Grüße
Norbert

hallo sunjojo,

habe jetzt erst Dein posting von heute 13 Uhr 06 gelesen.
Ich kann Dir leider keine genauere Auskunft darüber geben - der Sicherheitshinweis von Avira verschwand gleich wieder.

Grüße
Norbert

Hi,

alles klar, die Logfiles sehen soweit ganz gut aus.

Mehrere Antivirenprogramme

Code: Alles auswählenAufklappen

ATTFilter

Avira Desktop
avast! Antivirus
         

Mir ist aufgefallen, dass du mehrere Antivirenprogramme mit jeweils einem Hintergrundwächter laufen hast. Das ist gefährlich, da sich die Virenwächter in die Quere kommen können und dadurch nicht den vollen Schutz bieten. Außerdem wird das System ausgebremst. Entscheide dich für eine Variante und deinstalliere die andere:

Windows XP: Start --> Systemsteuerung --> Kategorieansicht auswählen (falls nicht voreingestellt) --> Software
Windows Vista/7: Start --> Systemsteuerung --> Anzeige (oben-rechts) auf Kategorie stellen (falls nicht voreingestellt) --> Programme deinstallieren (Unterpunkt von Programme)
Windows 8: Suchen --> "Systemsteuerung" in das Suchfeld eingeben --> Systemsteuerung auswählen --> Programme deinstallieren (Unterpunkt von Programme)

Zitat:

derzeit sind die Probleme weg, bis auf die Länge des Internetverbindungsaufbaues. Abstürze gab es vorläufig keine.

Das hört sich doch schonmal gut an. Äußert sich der lange Internetaufbau darin, dass du beim Start des Computers lange warten musst, bis eine Verbindung besteht oder dass du generell lange warten musst, bis z.b. Internetseiten geladen werden. Seid wann besteht das Problem und was hast du bereits probiert, um dies zu lösen?

Hi,
ich habe avast entfernt.
Die Internet Aufbaudauer hat sich inzwischen wesentlich gebessert. Nach Hochfahren des Laptops (wenn der Bildschirm schon komplett ist) dauert es nur mehr ca. 1 Minute, bis die Internetverbindung da ist. Ich nehme an, dass das o.k. ist.
Das ganze hat vor ca. 2 Wochen begonnen (Abstürze, Einfrieren, lange Wartezeiten, langsame Reaktion des Laptops).
Dann habe ich leider auf Anraten einiger Freunde etliches probiert (Reinigungsprogramme, Virenschutzprogramme, etc.), aber es ist nur noch schlechter geworden.
Jetzt scheint alles wieder in Ordnung zu sein!
Habe ich Dir das zu verdanken?
Wenn ja, kann ich Dir nur ein dickes DANKE sagen!
Sollte von meiner Seite noch etwas zu tun sein, werde ich es gerne erledigen.

liebe Grüße
Norbert

Hi,

Zitat:

Die Internet Aufbaudauer hat sich inzwischen wesentlich gebessert. Nach Hochfahren des Laptops (wenn der Bildschirm schon komplett ist) dauert es nur mehr ca. 1 Minute, bis die Internetverbindung da ist. Ich nehme an, dass das o.k. ist.

Jop, ich denke 1 Minute ist auf jeden Fall in Ordnung .

Zitat:

Jetzt scheint alles wieder in Ordnung zu sein!

Dann wären wir fertig.


Cleanup
Falls du Malwarebytes Anti-Malware und den ESET Online Scanner nicht mehr behalten möchtest, kannst du diese über die Systemsteuerung deinstallieren. Ich empfehle dir, mindestens ein Programm zu behalten (näheres in den Tipps).

Windows XP: Start --> Systemsteuerung --> Kategorieansicht auswählen (falls nicht voreingestellt) --> Software
Windows Vista/7: Start --> Systemsteuerung --> Anzeige (oben-rechts) auf Kategorie stellen (falls nicht voreingestellt) --> Programme deinstallieren (Unterpunkt von Programme)
Windows 8: Suchen --> "Systemsteuerung" in das Suchfeld eingeben --> Systemsteuerung auswählen --> Programme deinstallieren (Unterpunkt von Programme)

Die Reihenfolge ist hier entscheidend.

1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
   • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
   • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
   • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
3. Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
   • Schließe alle offenen Programme.
   • Starte die delfix.exe mit einem Doppelklick.
   • Setze vor jede Funktion ein Häkchen.
   • Klicke auf Start.
   • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
   • Starte deinen Rechner abschließend neu.
4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

In deinen Logfiles sehe ich im Moment keine schädlichen Einträge mehr, du bist in meinen Augen Clean. Für die Zukunft habe ich dir Tipps aufgeschrieben, damit du uns in nächster Zeit nicht mehr brauchst .




Tipps - Frequently Asked Questions (FAQ)/Häufig gestellte Fragen

Welcher Antivirenscanner ist der beste?

• Die Antwort auf die Frage ist im Grunde einfach: keiner. Es gibt keinen Antivirenscanner, der immer alle Schädlinge sofort erkennt und dich 100%ig schützt. Alles vom Menschen geschaffene ist fehlerhaft und es ist ratsam, sich nur begrenzt darauf zu verlassen. Das heißt nicht, dass die Verwendung eines Antivirenprogramms keinen Sinn macht, aber es sollte als zusätzliche Hilfe angesehen werden. Die Hauptverantwortung liegt bei dir und deinem Verhalten im Internet selbst.

• Benutze nur einen Antivirenscanner/Hintergrundwächter, niemals zwei oder mehrere. Diese könnten sich gegenseitig blockieren und dir mehr schaden, als helfen. Achte darauf, dass immer die neuesten Updates heruntergeladen werden. Ein veralteter Antivirenscanner ist nutzlos!
  • Ein gutes Antivirenprogramm ist Emsisoft Anti-Malware.

• Außerdem kannst du dein Betriebssystem mit On-Demand Sannern überprüfen. Solche Scanner laufen nicht permanent im Hintergrund, sondern scannen nur "auf Knopfdruck" dein System. Damit holst du dir eine zweite Meinung ein. Gute On-Demand Scanner, die auch wir zur Kontrolle benutzen, sind Malwarebytes Anti Malware und der ESET Online Scanner.
  • Malwarebytes Anti-Malware (Anleitung zur Verwendung) ist eines der besten und zuverlässigsten Programme in der Malwareentfernung. Scanne dein System einmal pro Woche oder einmal in zwei Wochen.
  • Der ESET Online Scanner (Anleitung zur Verwendung) ist kostenlos und scannt dein System und deine Dateien sehr gründlich. Deswegen kann der Scan bei vielen Dateien mehrere Stunden dauern. Scanne dein System nach deinem eigenem Ermessen. Falls schädliche Dateien gefunden werden, handle nicht eigenmächtig!

Aber Updates muss ich immer installieren, oder?

• Die Aktualität von Software ist sehr wichtig und unbedingt notwendig. Veraltete Programme stellen Schwachstellen dar, die sich Angreifer gerne zur Nutze machen. Daher ist es wichtig, immer die neueste Version der jeweiligen Software installiert zu haben. Dies fängt beim Betriebssystem an. Du solltest das neueste Service Pack installiert und automatische Updates eingeschaltet haben.

  Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  Windows 8: Suchen --> "Systemsteuerung" in das Suchfeld eingeben --> Systemsteuerung auswählen --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

• Häufig werden Sicherheitslücken von älteren Java Versionen, dem Flash-Player und PDF-Reader ausgenutzt. Du kannst hier überprüfen, ob diese häufig missbrauchte Software aktuell ist: PluginCheck

• Außerdem empfehle ich dir den http://www.trojaner-board.de/83959-s...tml#post510373. Dieser überprüft, ob du veraltete Software auf deinem Rechner verwendest und kann sie in manchen Fällen automatisch updaten.

Ok, muss ich auf etwas achten, wenn ich im Internet surfe?

• Mit dem richtigen Verhalten im Internet fängt der Schutz vor Infektionen an. Es gibt inzwischen viele virtuelle Betrugsversuche oder Tricks zum Täuschen, sowie im echten Leben. Um sich dort zu schützen, hast du bestimmte Angewohnheiten. Diese können auf das Surfverhalten übertragen werden. Zur Verdeutlichung stelle ich dir einen kleinen Vergleich zum Leben her:
  
  

  Verhalten im Leben	Verhalten im Internet
  Du überprüfst vorher die Läden, in denen du einkaufst.	Klicke nicht auf alle Seiten/Werbungen/PopUps, weil diese bunt sind oder tolle Preise versprechen.
  Du achtest auf die Qualität, wenn du Produkte kaufst.	Lade dir Programme nur von original Herstellerseiten herunter und nicht von Softonic oder ähnlichem. Diese birgen häufig die Gefahr, sich zusätzlich Adware herunterzuladen.
  Du öffnest keine Briefe oder Pakete ohne zu gucken, von wem diese sind.	Öffne nur Anhänge von Emails, wenn der Absender bekannt ist. Überprüfe, ob zum Beispiel eine Rechnung im Anhang wirklich von der Firma versendet wurde. Häufig werden gefälschte Emails mit schädlichem Anhang verschickt!

  
  Handle mit Bedacht und überlege zuerst, bevor du etwas anklickst, herunterlädst oder öffnest!

• Vermeide das Besuchen von pornographischen, Pokerspiel oder weiteren dubiosen Webseiten. Diese birgen ein besonders großes Infektionsrisiko.

Welche Programme sollte ich nicht verwenden?

• Wenn du neue Software installierst, besteht häufig die Auswahl, eine weitere Toolbar (oder ähnliches) zu installieren. Entferne generell den Haken bei optionalen Zusatzprogrammen. Diese verlangsamen in der Regel deinen Browser und können ein erhöhtes Infektionsrisiko bedeuten.

• Registry Cleaner versprechen meist einen großen Performancegewinn, wenn verwaiste Einträge in der Regsitry entfernt werden. Dieser angebliche Gewinn ist kaum bis gar nicht bemerkbar. Außerdem wird häufig verschwiegen, dass falsche Änderungen der Registry zu schwerwiegenden Folgen führen können. Deswegen sollte so wenig wie möglich an der Registry verändert werden. Zerstörst du die Registry, zerstörst du Windows!

• Filesharing oder Peer-to-Peer Programme ermöglichen es, Dateien mit anderen Nutzern auszutauschen. Es ist möglich, dass du dir eine infizierte Datei herunterlädst (auch versteckt in angeblich legalen Versionen von bekannten Programmen). Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art von Software mit äußerster Vorsicht oder gar nicht benutzt werden.
  • Lade dir vor allem keine Cracks (illegale Version einer Software) herunter. Das ist rechtlich nicht erlaubt und du kannst dafür bestraft werden. Außerdem ist bei solcher Software das Infektionsrisiko am höchsten, da Cracks sehr häufig versteckte Malware enthalten.

Gibt es noch weitere Tipps, um mich zu schützen?

• Achte auf die Endung von Dateien, die dir zugesendet wurden. Häufig versuchen Malwareschreiber mit Tricks wie Rechnung.pdf.exe dich zu täuschen. Wenn die Dateiendung ausgeblendet wird, bleibt Rechnung.pdf übrig, was den Anschein einer normalen PDF-Datei macht. Lass dir daher bekannte Dateiendung anzeigen (Anleitung: http://www.trojaner-board.de/59624-a...-sichtbar.html)

• Surfe mit einem Konto mit eingeschränkten Rechten. Durch Administratorrechte kann Malware ohne Probleme zahlreiche Änderungen am System vornehmen, zum Beispiel Sicherheitseinstellungen verändern oder auf Systemdateien zugreifen.
• Verwende nicht immer das gleiche Passwort. Falls dein Passwort durch entsprechende Malware herausgefunden wird, könnte auf alle Konten von dir zugegriffen werden.

• Lege in regelmäßigen Abständen Backups (Was sind Backups?) von deinem System an. Dadurch ist ein Datenverlust durch Malware oder Hardwareschäden verkraftbar und es ist vergleichsweise einfach, den Rechner auf den Stand des letzten Backups zu bringen. Damit du deine Daten nicht manuell sichern musst, gibt es Backup-Programme wie Paragon Backup & Recovery.

• Deaktiviere das Autorun-Feature von Windows. Dies ermöglicht, dass zum Beispiel CDs, DVDs oder Programme auf USB-Sticks alleine starten. Häufig nutzen Malwareschreiber genau diese Funktion aus. In solchen Fällen befindet sich Malware auf dem USB-Stick und wird automatisch beim Anschließen an den Computer ausgeführt. Um das zu verhinden, deaktiviere die Autorun-Funktion: http://www.trojaner-board.de/83238-a...sschalten.html.

Wenn dich das Thema Computersicherheit interessiert und du noch mehr Tipps und Tricks zum Schutz deines Rechners haben willst, ist der Emsisoft Blog genau richtig für dich .


Wenn du die Arbeit des Trojaner-Boards unterstützen möchtest, kannst du gerne spenden .

Ich wünsche dir eine schöne und malwarefreie Zeit .

hi,

ich habe alles nach Deinen Anregungen befolgt und das Virenprogramm Emsisoft Anti-Malware heruntergeladen (und Avira deinstalliert). Mein Wartungsprogramm erkennt aber scheinbar dieses Anti-Virenprogramm nicht, denn es fordert mich immer wieder auf, online nach einem zu suche. Ich habe aber mit Emsisoft das System gescannt. Dabei ist folgendes herausgekommen:

Emsisoft Anti-Malware - Version 9.0
Letztes Update: 12.03.2015 12:05:56
Benutzerkonto: Norbert-PC\Norbert

Scan-Einstellungen:

Scan Methode: Smart Scan
Objekte: Rootkits, Speicher, Traces, C:\Windows\, C:\Program Files\

PUPs-Erkennung: An
Archiv-Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn: 12.03.2015 12:08:30
C:\ProgramData\apn gefunden: Application.AppInstall (A)
C:\Users\Norbert\AppData\Roaming\drivercure gefunden: Application.AppInstall (A)
C:\Users\Norbert\AppData\Roaming\getrighttogo gefunden: Application.AppInstall (A)
C:\Users\Norbert\AppData\Roaming\speedmaxpc gefunden: Application.AppInstall (A)
C:\Users\Norbert\AppData\Local\iac gefunden: Application.AppInstall (A)
C:\Windows\Reimage.ini gefunden: Application.AdImage (A)
Key: HKEY_USERS\S-1-5-21-2427394065-3725693352-322908783-1001\SOFTWARE\ASCENTIVE gefunden: Application.Win32.SpyStrike (A)
Key: HKEY_USERS\S-1-5-21-2427394065-3725693352-322908783-1001\SOFTWARE\CONDUIT gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CONDUIT gefunden: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2427394065-3725693352-322908783-1001\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} gefunden: Application.Win32.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} gefunden: Application.AdReg (A)
Key: HKEY_USERS\S-1-5-21-2427394065-3725693352-322908783-1001\SOFTWARE\SPEEDMAXPC gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SPEEDMAXPC gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\REIMAGE gefunden: Application.AdImage (A)
Key: HKEY_USERS\S-1-5-21-2427394065-3725693352-322908783-1001\SOFTWARE\REIMAGE gefunden: Application.AdImage (A)
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll gefunden: Adware.Linkury.N (B)

Gescannt 179812
Gefunden 16

Scan-Ende: 12.03.2015 13:57:07
Scan-Zeit: 1:48:37

Soll ich diese 16 in Quarantäne verschieben?

Ansonsten nochmals herzlichsten Dank
Nofo

Hi,

Zitat:

ich habe alles nach Deinen Anregungen befolgt und das Virenprogramm Emsisoft Anti-Malware heruntergeladen (und Avira deinstalliert). Mein Wartungsprogramm erkennt aber scheinbar dieses Anti-Virenprogramm nicht, denn es fordert mich immer wieder auf, online nach einem zu suche.

Das Problem hatte ich auch. Hast du mal den Rechner neugestartet? Bei mir wurde Emsisoft Anti-Malware danach erkannt.

Zitat:

Ich habe aber mit Emsisoft das System gescannt. Dabei ist folgendes herausgekommen:

Ja, kannst du machen. Das sind alles Reste, die bei unserem Löschvorgang übrig geblieben sind, weil diese in keinen Logfiles angezeigt wurden. Die Ordner/Dateien/Registrykeys richten, da sie keinen Startpunkt haben, auch keinen Schaden mehr an.

Hast du sonst noch Fragen?

Hi,
danke für die vielen Tipps, ich werde sie gerne befolgen.

Gestern ist mir Outlook Express 2007 2x für ca. 10 Minuten eingefroren, sonst läuft alles wieder prima!
Heute läuft alles bisher klaglos. Zumindest fast: wenn ich hier oder auch in Word schreibe, kommen manchmal Buchstabenblöcke oder Worte erst mit Verzögerung. Ist das normal? Bisher ist mir das nicht aufgefallen.
Grüße
Norbert

Hi,

Zitat:

Heute läuft alles bisher klaglos. Zumindest fast: wenn ich hier oder auch in Word schreibe, kommen manchmal Buchstabenblöcke oder Worte erst mit Verzögerung. Ist das normal? Bisher ist mir das nicht aufgefallen.

Ja, das ist normal und kann manchmal auftreten .

Hallo nofo,

schön, dass wir dir helfen konnten .

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht, damit erhalte ich keine Benachrichtungen über neue Antworten in diesem Thread. Solltest Du das Thema erneut brauchen, schicke mir bitte eine private Nachricht.

Jeder Andere bitte hier klicken und einen eigenen Thread erstellen.