Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Wie werde ich die wizebar in Firefox wieder los?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.03.2015, 21:37   #1
frankpaul
 
Wie werde ich die wizebar in Firefox wieder los? - Standard

Wie werde ich die wizebar in Firefox wieder los?



Hallo,
ich habe mir irgendwie eine wizebar eingefangen, die jedesmal aufpopt, wenn ich Firefox starte.
Da ich aktuell nicht installiert habe, ist es mir völlig schleierhaft, wie ich mir das eingefangen habe. Mir ist jedoch aufgefallen, dass mein Laptop, das ich gestern Abend nicht heruntergefahren habe, sondern nur den Bildschirm heruntergeklappt habe, nachts plötzlich ansprang und erst durch öffnen und erneutes zuklappen des Bildschirms wieder in den Ruhemodus ging.
ich habe gegoogelt und an einigen Stellen gelesen, dass ich in Firefox die addons kontrollieren soll.- Da komme ich aber gar nicht hin, da nach 2 Sekunden die Bildschirm blass wird und die wizebar öffnet.
Ich habe Firefox deinstalliert und neu installiert (Firefox restaurieren), aber ohne Erfolg.
Ich habe AdwCleaner gestartet, hier ist die log file:AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.112 - Bericht erstellt 12/03/2015 um 21:21:52
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-05.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : Frank Fietz - FRANKFIETZ-PC
# Gestarted von : C:\Users\Frank Fietz\Desktop\AdwCleaner_4.112.exe
# Option : Suchlauf

***** [ Dienste ] *****

Dienst Gefunden : APNMCP

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Frank Fietz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
Datei Gefunden : C:\Users\Frank Fietz\AppData\Roaming\Mozilla\Firefox\Profiles\yjp2khet.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
Datei Gefunden : C:\Users\Frank Fietz\AppData\Roaming\Mozilla\Firefox\Profiles\yjp2khet.default\searchplugins\search.xml
Datei Gefunden : C:\Users\Frank Fietz\AppData\Roaming\Mozilla\Firefox\Profiles\yjp2khet.default\user.js
Ordner Gefunden : C:\Program Files\AskPartnerNetwork
Ordner Gefunden : C:\Program Files\Uniblue
Ordner Gefunden : C:\ProgramData\apn
Ordner Gefunden : C:\ProgramData\AskPartnerNetwork
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Ordner Gefunden : C:\SoftwareUpdater
Ordner Gefunden : C:\Users\Admin\AppData\Local\AskPartnerNetwork
Ordner Gefunden : C:\Users\Büro\AppData\Local\AskPartnerNetwork
Ordner Gefunden : C:\Users\Büro\AppData\LocalLow\pdfforge
Ordner Gefunden : C:\Users\Büro\AppData\LocalLow\Search Settings
Ordner Gefunden : C:\Users\Büro\Desktop\Delta
Ordner Gefunden : C:\Users\Frank Fietz\AppData\Local\AskPartnerNetwork
Ordner Gefunden : C:\Users\Frank Fietz\AppData\Local\DownloadGuide
Ordner Gefunden : C:\Users\Frank Fietz\AppData\Local\OpenCandy
Ordner Gefunden : C:\Users\Frank Fietz\AppData\Roaming\Mozilla\Firefox\Profiles\yjp2khet.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
Ordner Gefunden : C:\Users\Frank Fietz\AppData\Roaming\Mozilla\Firefox\Profiles\yjp2khet.default\Extensions\ffxtlbr@searchya.com
Ordner Gefunden : C:\Users\Frank Fietz\AppData\Roaming\Uniblue
Ordner Gefunden : C:\Users\FRANKF~1\AppData\Local\Temp\apn

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Schlüssel Gefunden : HKCU\Software\AskPartnerNetwork
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gefunden : HKCU\Software\searchya.com
Schlüssel Gefunden : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Schlüssel Gefunden : HKLM\SOFTWARE\covus freemium gmbh
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaacalgebmfelllfiaoknifldpngjh
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Schlüssel Gefunden : HKLM\SOFTWARE\Uniblue
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{41564952-412D-5637-00A7-7A786E7484D7}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.1 (x86 de)

[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.enabledAddons", "ffxtlbr%40searchya.com:1.5.1,%7B5ebdca98-43b3-45bb-87e0-716029fb42ab%7D:9.5.3,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.aflt", "foxtab");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.autoRvrt", false);
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.cntry", "DE");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.dfltLng", "");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.dfltSrch", true);
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.dnsErr", true);
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.envrmnt", "production");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.excTlbr", false);
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.hdrMd5", "35DF7325170BEEE367CDF021AB922424");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.hmpg", true);
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.hmpgUrl", "hxxp://www.searchya.com/?s=0&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1Qzu0CyEyEyCtCzy0E0Ezy0BtB0BtCyB0EyEtN0D0Tzu0CtBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1152074174"[...]
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.id", "C44619EE9B2B17E4");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.instlDay", "15551");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.instlRef", "ft-100");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.isdcmntcmplt", true);
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.lastVrsnTs", "1.5.25.020:56:14");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.mntrFFxVrsn", "15.0");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.mntrvrsn", "1.3.0");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.newTab", true);
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.newTabUrl", "hxxp://www.searchya.com/?s=2&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1Qzu0CyEyEyCtCzy0E0Ezy0BtB0BtCyB0EyEtN0D0Tzu0CtBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=115207417[...]
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.pnu_base", "{\"newVrsn\":\"65\",\"lastVrsn\":\"65\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.prdct", "searchya");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.propectorlck", 82235039);
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.prtkds", 0);
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.prtkhmpg", 0);
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.prtnrId", "searchya");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.sg", "none");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.smplGrp", "none");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.srchPrvdr", "Search");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.tlbrId", "base");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.tlbrSrchUrl", "hxxp://www.searchya.com/?s=3&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1Qzu0CyEyEyCtCzy0E0Ezy0BtB0BtCyB0EyEtN0D0Tzu0CtBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1152074[...]
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.vrsn", "1.5.25.0");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.vrsnTs", "1.5.25.020:56:14");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya.vrsni", "1.5.25.0");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya_i.newTab", true);
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya_i.smplGrp", "none");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.searchya_i.vrsnTs", "1.5.25.020:56:14");
[yjp2khet.default] - Zeile Gefunden : user_pref("extensions.xpiState", "{\"app-profile\":{\"ffxtlbr@searchya.com\":{\"d\":\"C:\\\\Users\\\\Frank Fietz\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\yjp2khet.default\\\\extensio[...]

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [10710 Bytes] - [12/03/2015 21:21:52]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10770 Bytes] ##########
         
--- --- ---




Ich muss noch sagen, dass ich ein absolut Ahnungsloser bin. Insofern bitte bei Empfehlungen und Fragen so tun, als ob man es mit einem Säugling zu tun hätte

Ich bitte um Hilfe und bedanke mich schon einmal vorab !

Frank

Alt 12.03.2015, 21:40   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Wie werde ich die wizebar in Firefox wieder los? - Standard

Wie werde ich die wizebar in Firefox wieder los?



Hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 12.03.2015, 23:08   #3
frankpaul
 
Wie werde ich die wizebar in Firefox wieder los? - Standard

Wie werde ich die wizebar in Firefox wieder los?



Hallo,
hier die FRST.txt:
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Frank Fietz (administrator) on FRANKFIETZ-PC on 12-03-2015 23:04:15
Running from C:\Users\Frank Fietz\Desktop
Loaded Profiles: Frank Fietz & Büro & Admin (Available profiles: Frank Fietz & Büro & Admin)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\stacsv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Microsoft) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Nikon Corporation) C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Acresso Software Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Microsoft) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
() C:\Users\Frank Fietz\Desktop\AdwCleaner_4.112.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-01-05] (IDT, Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3853080 2009-12-18] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM\...\Run: [DpAgent] => C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2009-05-12] (DigitalPersona, Inc.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [203776 2009-11-12] (Microsoft)
HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1934744 2015-01-27] (APN)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\MountPoints2: {9404f231-7b01-11df-b51e-c44619ee9b2b} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\MountPoints2: {abff56d5-7aae-11df-a400-a4badbcc28cf} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\MountPoints2: {faf7b043-70cc-11df-bd02-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-3583340597-3711195315-3280567221-1003\...\MountPoints2: {faf7b043-70cc-11df-bd02-806e6f6e6963} - D:\loomes.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://g.uk.msn.com/USSMB/8
HKU\S-1-5-21-3583340597-3711195315-3280567221-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3583340597-3711195315-3280567221-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
HKU\S-1-5-21-3583340597-3711195315-3280567221-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = hxxp://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1Qzu0CyEyEyCtCzy0E0Ezy0BtB0BtCyB0EyEtN0D0Tzu0CtBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1152074174
SearchScopes: HKLM -> Backup.Old.DefaultScope {95ABE1F7-5A46-45DA-991F-33A173BAE842}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = hxxp://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1Qzu0CyEyEyCtCzy0E0Ezy0BtB0BtCyB0EyEtN0D0Tzu0CtBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1152074174
SearchScopes: HKLM -> {95ABE1F7-5A46-45DA-991F-33A173BAE842} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000 -> DefaultScope {95ABE1F7-5A46-45DA-991F-33A173BAE842} URL = 
SearchScopes: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000 -> Backup.Old.DefaultScope {95ABE1F7-5A46-45DA-991F-33A173BAE842}
SearchScopes: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000 -> {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = 
SearchScopes: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000 -> {95ABE1F7-5A46-45DA-991F-33A173BAE842} URL = 
SearchScopes: HKU\S-1-5-21-3583340597-3711195315-3280567221-1003 -> DefaultScope {7C2B5568-686E-4B38-A2DB-925C15EC1081} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3583340597-3711195315-3280567221-1003 -> {7C2B5568-686E-4B38-A2DB-925C15EC1081} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3583340597-3711195315-3280567221-1003 -> {95ABE1F7-5A46-45DA-991F-33A173BAE842} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: DigitalPersona Fingerprint Software Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-05-12] (DigitalPersona, Inc.)
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2015-01-27] (APN LLC.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-12-07] (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-12-07] (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2015-01-27] (APN LLC.)
Toolbar: HKLM - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files\Freemium\Free PDF Perfect\ieagent32.dll [2013-08-14] (soft Xpansion)
Toolbar: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3583340597-3711195315-3280567221-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3583340597-3711195315-3280567221-1003 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 80.69.100.102 192.168.0.1
Tcpip\..\Interfaces\{85FC32D2-AC82-4B23-9895-F4110319D42E}: [NameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Users\Frank Fietz\AppData\Roaming\Mozilla\Firefox\Profiles\yjp2khet.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-12-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @soft-xpansion/npsxpdf -> C:\Program Files\Common Files\Freemium\np-sxpdf.dll [2013-08-14] (soft-Xpansion)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3583340597-3711195315-3280567221-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF user.js: detected! => C:\Users\Frank Fietz\AppData\Roaming\Mozilla\Firefox\Profiles\yjp2khet.default\user.js [2012-07-30]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Frank Fietz\AppData\Roaming\Mozilla\Firefox\Profiles\yjp2khet.default\searchplugins\Search.xml [2012-07-30]
FF Extension: searchya.com - C:\Users\Frank Fietz\AppData\Roaming\Mozilla\Firefox\Profiles\yjp2khet.default\Extensions\ffxtlbr@searchya.com [2012-07-30]
FF Extension: Ghostery - C:\Users\Frank Fietz\AppData\Roaming\Mozilla\Firefox\Profiles\yjp2khet.default\Extensions\firefox@ghostery.com.xpi [2014-02-08]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Frank Fietz\AppData\Roaming\Mozilla\Firefox\Profiles\yjp2khet.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF Extension: SearchYa NewTab - C:\Users\Frank Fietz\AppData\Roaming\Mozilla\Firefox\Profiles\yjp2khet.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi [2013-10-09]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files\DigitalPersona\Bin\FirefoxExt [2010-06-06]
FF HKLM\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-08-14]
FF HKLM\...\Thunderbird\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\firefoxext
FF HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-3583340597-3711195315-3280567221-1003\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\firefoxext
FF HKU\S-1-5-21-3583340597-3711195315-3280567221-1004\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\firefoxext
FF HKU\S-1-5-21-3583340597-3711195315-3280567221-1004\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome: 
=======
CHR Profile: C:\Users\Frank Fietz\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2015-02-05]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\FRANKF~1\AppData\Local\speeddial.crx [2012-07-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\FRANKF~1\AppData\Local\speeddial.crx [2012-07-30]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-11] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-27] (APN LLC.)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 DpHost; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [322624 2009-05-12] (DigitalPersona, Inc.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 InstallFilterService; C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-11-30] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\STacSV.exe [229458 2010-01-05] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-14] (soft Xpansion)
R2 TabletServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [7470496 2012-08-02] (Wacom Technology, Corp.)
R2 TouchServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [481696 2012-08-02] (Wacom Technology, Corp.)
R2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1656112 2009-07-13] (Validity Sensors, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Acceler.sys [41648 2009-12-02] (ST Microelectronics)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [11680 2012-06-21] (Windows (R) Win 7 DDK provider)
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [49152 2009-06-30] (REDC)
R2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [38400 2009-07-04] (REDC)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-11] (Avira GmbH)
S3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [57760 2012-06-21] (Wacom Technology)
S3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13688 2012-05-22] (Wacom Technology)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 23:04 - 2015-03-12 23:05 - 00028186 _____ () C:\Users\Frank Fietz\Desktop\FRST.txt
2015-03-12 23:04 - 2015-03-12 23:04 - 00000000 ____D () C:\FRST
2015-03-12 23:03 - 2015-03-12 23:03 - 01135104 _____ (Farbar) C:\Users\Frank Fietz\Desktop\FRST.exe
2015-03-12 22:52 - 2015-03-12 22:52 - 00017517 _____ () C:\Users\Frank Fietz\Desktop\get-mirror-server.htm
2015-03-12 21:21 - 2015-03-12 21:23 - 00000000 ____D () C:\AdwCleaner
2015-03-12 21:20 - 2015-03-12 21:21 - 02171392 _____ () C:\Users\Frank Fietz\Desktop\AdwCleaner_4.112.exe
2015-03-12 21:11 - 2015-03-12 21:11 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-12 21:11 - 2015-03-12 21:11 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-12 21:11 - 2015-03-12 21:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-12 21:05 - 2015-03-12 21:05 - 00243528 _____ () C:\Users\Frank Fietz\Downloads\Firefox Setup Stub 36.0.1.exe
2015-03-12 20:57 - 2015-03-12 20:57 - 40824144 _____ () C:\Users\Admin\Downloads\Firefox_Setup_36.0.1.exe
2015-03-11 14:57 - 2015-02-26 04:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 14:57 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 14:57 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 14:57 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 14:57 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 14:57 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 14:57 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 14:57 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 14:57 - 2015-02-20 03:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 14:57 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 14:57 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 14:57 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 14:57 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 14:57 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 14:57 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 14:57 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 14:57 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 14:57 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 14:57 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 14:57 - 2015-02-20 02:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 14:57 - 2015-02-20 02:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 14:57 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 14:57 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 14:57 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 14:57 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 14:57 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 14:57 - 2015-02-20 02:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 14:57 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 14:57 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 14:57 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 14:57 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 14:57 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 14:57 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 14:57 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 14:56 - 2015-03-06 06:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 14:56 - 2015-03-06 06:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 14:56 - 2015-03-06 06:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 14:56 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 14:56 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 14:56 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 14:56 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 14:56 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 14:56 - 2015-03-06 06:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 14:56 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 14:56 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 14:56 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 14:56 - 2015-03-06 06:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 14:56 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 14:56 - 2015-03-06 06:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 14:56 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 14:56 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 14:56 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 14:56 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 14:56 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 14:56 - 2015-02-20 05:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 14:56 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 14:56 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 14:56 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 14:56 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 14:56 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 14:56 - 2015-02-03 04:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 14:56 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 14:56 - 2015-02-03 04:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 14:56 - 2015-01-31 00:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 14:56 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 14:55 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 14:55 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 14:55 - 2015-02-03 04:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 14:55 - 2015-02-03 04:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 14:55 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 14:55 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 14:55 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 14:55 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 14:55 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 14:55 - 2015-02-03 04:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 14:55 - 2015-02-03 04:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 14:55 - 2015-02-03 04:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 14:55 - 2015-02-03 04:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 14:55 - 2014-10-31 23:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 14:55 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 14:29 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 14:29 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 14:29 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 14:29 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 14:29 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 14:29 - 2015-02-03 04:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 14:29 - 2015-02-03 04:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 14:29 - 2015-02-03 04:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 14:29 - 2015-02-03 04:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 14:29 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 14:29 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 14:29 - 2015-02-03 03:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-02-25 03:02 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-18 20:51 - 2015-03-12 07:07 - 00000000 ____D () C:\Windows\rescache
2015-02-16 21:57 - 2015-02-16 22:00 - 00000022 _____ () C:\Users\Frank Fietz\Downloads\Details.zip
2015-02-11 03:12 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 03:12 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-02-11 03:11 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 03:11 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 03:11 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 03:11 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 03:11 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 03:11 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 03:11 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 03:11 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 03:11 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 03:09 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 20:53 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-10 20:53 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-10 20:53 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-10 12:42 - 2015-02-10 12:42 - 00000000 ____D () C:\Users\Admin\AppData\Local\Nemetschek_Allplan_GmbH
2015-02-10 12:36 - 2015-02-10 12:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nemetschek

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 23:00 - 2009-07-14 05:55 - 01345804 _____ () C:\Windows\WindowsUpdate.log
2015-03-12 22:38 - 2012-05-25 23:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-12 22:06 - 2015-01-16 10:06 - 00000402 _____ () C:\Windows\Tasks\Allplan AutoUpdate 2011.job
2015-03-12 21:16 - 2011-05-21 14:36 - 00000000 ____D () C:\Users\Frank Fietz\Tracing
2015-03-12 21:15 - 2009-07-14 05:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-12 21:15 - 2009-07-14 05:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-12 21:11 - 2015-01-26 21:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-12 21:07 - 2010-06-05 19:06 - 00242376 _____ () C:\Windows\PFRO.log
2015-03-12 21:07 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-12 21:07 - 2009-07-14 05:39 - 00117852 _____ () C:\Windows\setupact.log
2015-03-12 20:03 - 2015-01-16 10:06 - 00000658 _____ () C:\Windows\Tasks\WebContent AutoUpdate 2011.job
2015-03-12 03:33 - 2009-07-14 05:33 - 04004056 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 03:29 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-12 03:13 - 2015-01-09 12:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 03:05 - 2015-01-09 12:58 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-12 03:01 - 2010-06-17 19:17 - 00000000 ____D () C:\Users\Frank Fietz\AppData\Local\Adobe
2015-03-11 14:08 - 2013-08-11 08:29 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-11 14:08 - 2013-08-11 08:27 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-11 14:08 - 2013-08-11 08:27 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-09 09:32 - 2010-06-17 19:17 - 00000000 ____D () C:\Users\Frank Fietz\Desktop\EFH Harnackstraße 40
2015-03-05 21:23 - 2013-08-14 19:38 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 21:22 - 2013-08-11 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 21:22 - 2013-08-11 08:27 - 00000000 ____D () C:\Program Files\Avira
2015-02-28 13:47 - 2011-10-14 20:41 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2015-02-24 21:21 - 2011-10-21 17:01 - 00000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2015-02-24 03:23 - 2010-08-15 13:58 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-12 19:32 - 2014-12-10 03:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 19:32 - 2014-05-01 02:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 19:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing

==================== Files in the root of some directories =======

2015-01-26 12:49 - 2015-01-26 12:49 - 0007218 _____ () C:\Users\Frank Fietz\AppData\Roaming\ContactSheetII.log
2010-06-18 23:45 - 2012-02-06 21:36 - 0000000 _____ () C:\Users\Frank Fietz\AppData\Roaming\Dictionaries
2011-10-14 20:41 - 2011-10-14 20:41 - 0000268 ___RH () C:\Users\Frank Fietz\AppData\Roaming\Displays
2011-10-14 20:41 - 2011-10-14 20:41 - 0000268 ___RH () C:\Users\Frank Fietz\AppData\Roaming\Distortion
2011-10-14 20:41 - 2011-10-14 20:41 - 0000268 ___RH () C:\Users\Frank Fietz\AppData\Roaming\Documentation
2012-08-10 17:41 - 2012-12-14 22:10 - 0000268 ___RH () C:\Users\Frank Fietz\AppData\Roaming\Equalizer
2011-10-21 17:06 - 2011-10-21 17:06 - 0000268 ___RH () C:\Users\Frank Fietz\AppData\Roaming\Jazz Kit
2015-01-26 12:49 - 2015-01-26 12:49 - 0000725 _____ () C:\Users\Frank Fietz\AppData\Roaming\Kontaktabzug II.xml
2012-09-26 20:44 - 2012-12-20 21:58 - 0001456 _____ () C:\Users\Frank Fietz\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2012-07-30 19:56 - 2012-07-30 19:56 - 0384835 _____ () C:\Users\Frank Fietz\AppData\Local\speeddial.crx
2015-01-17 22:44 - 2015-01-17 22:44 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-09-03 20:01 - 2014-09-03 20:01 - 0000000 _____ () C:\ProgramData\CustomDataViews
2014-09-03 20:01 - 2014-09-03 20:01 - 0000000 _____ () C:\ProgramData\Digital Light
2011-10-14 20:41 - 2011-10-14 20:41 - 0000268 ___RH () C:\ProgramData\Drum Kits
2011-10-14 20:41 - 2011-10-14 20:41 - 0000268 ___RH () C:\ProgramData\Drums
2011-10-14 20:41 - 2011-10-14 20:41 - 0000268 ___RH () C:\ProgramData\Dynamic Library
2011-10-14 20:41 - 2012-12-14 22:10 - 0000268 ___RH () C:\ProgramData\External Build System
2011-10-14 20:41 - 2011-10-14 20:41 - 0000012 ___RH () C:\ProgramData\Filesystems
2011-10-14 20:41 - 2011-10-14 20:41 - 0000012 ___RH () C:\ProgramData\Filters
2012-08-10 17:41 - 2012-12-14 22:10 - 0000012 ___RH () C:\ProgramData\Guitars
2011-10-21 17:06 - 2011-10-21 17:06 - 0000268 ___RH () C:\ProgramData\Keychains
2011-10-21 17:01 - 2015-02-24 21:21 - 0000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2011-10-21 17:08 - 2014-09-03 20:01 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
2010-06-18 23:45 - 2012-02-06 21:36 - 0000000 ____H () C:\ProgramData\PKP_DLdw.DAT
2012-08-10 17:41 - 2012-12-14 22:10 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2011-10-14 20:41 - 2014-08-17 20:04 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2011-10-14 20:41 - 2015-02-28 13:47 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2011-10-14 20:41 - 2011-10-14 20:41 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2011-10-21 17:06 - 2011-10-21 17:06 - 0000012 ___RH () C:\ProgramData\Spacious

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Büro\AppData\Local\Temp\AskSLib.dll
C:\Users\Büro\AppData\Local\Temp\avgnt.exe
C:\Users\Frank Fietz\AppData\Local\Temp\AskSLib.dll
C:\Users\Frank Fietz\AppData\Local\Temp\atl80.dll
C:\Users\Frank Fietz\AppData\Local\Temp\avgnt.exe
C:\Users\Frank Fietz\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Frank Fietz\AppData\Local\Temp\mfc80.dll
C:\Users\Frank Fietz\AppData\Local\Temp\mfc80u.dll
C:\Users\Frank Fietz\AppData\Local\Temp\mfcm80.dll
C:\Users\Frank Fietz\AppData\Local\Temp\mfcm80u.dll
C:\Users\Frank Fietz\AppData\Local\Temp\msvcm80.dll
C:\Users\Frank Fietz\AppData\Local\Temp\msvcp80.dll
C:\Users\Frank Fietz\AppData\Local\Temp\msvcr80.dll
C:\Users\Frank Fietz\AppData\Local\Temp\ose00000.exe
C:\Users\Frank Fietz\AppData\Local\Temp\ose00001.exe
C:\Users\Frank Fietz\AppData\Local\Temp\ose00002.exe
C:\Users\Frank Fietz\AppData\Local\Temp\ose00003.exe
C:\Users\Frank Fietz\AppData\Local\Temp\Quarantine.exe
C:\Users\Frank Fietz\AppData\Local\Temp\Setup-Wacom.exe
C:\Users\Frank Fietz\AppData\Local\Temp\sqlite3.dll
C:\Users\Frank Fietz\AppData\Local\Temp\TmDbg32.dll
C:\Users\Frank Fietz\AppData\Local\Temp\UninstManager.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-12 04:14

==================== End Of Log ============================
         
--- --- ---



und hier die Addition.txt:FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Frank Fietz at 2015-03-12 23:05:30
Running from C:\Users\Frank Fietz\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accelerometer (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 1.06.08.33 - STMicroelectronics)
Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Avira (HKLM\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.650 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C1500}) (Version: 12.21.0.3946 - APN, LLC)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C1801}) (Version: 12.24.1.234 - APN, LLC)
Biet-O-Matic v2.14.12 (HKLM\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Capture NX 2 (HKLM\...\Capture NX 2) (Version: 2.3.4 - NIKON CORPORATION)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.7.2423 - CDBurnerXP)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell Backup and Recovery Manager (HKLM\...\{AC474F86-9A17-4BCB-8B15-11ABFD5B7F95}) (Version: 1.2.3 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DigitalPersona Personal 4.01 (HKLM\...\{3D8AE086-030F-4EF4-B705-63F8130B043E}) (Version: 4.01.3765 - DigitalPersona, Inc.)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.18.34 - Dell Inc.)
File Uploader (HKLM\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
FORMA "StandAlone-Version" (HKLM\...\{2CCC9712-D015-40E7-BBC3-E061FB135F8F}) (Version: 5.00.0000 - SJ Software GmbH)
fotokasten comfort 5.0 (HKLM\...\fotokasten comfort_is1) (Version:  - )
Free Pdf Perfect Prereq (HKLM\...\{dc0b7acb-e3f1-4bdb-8672-340890b4891b}) (Version: 1.1.0.70 - Covus Freemium GmbH)
Free Pdf Perfect Prereq (Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Freemium Free PDF Perfect (HKLM\...\{88265079-D6F4-4292-86BE-D2053E80BFE4}) (Version: 1.0 - Freemium)
General Runtime Files for Allplan 2011 Release (Version: 1.3.0.0 - Nemetschek Allplan GmbH) Hidden
HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{88EFC235-396D-4A12-96AE-48C3451A0F79}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Ipswitch WS_FTP Pro Uninstall (HKLM\...\WS_FTPPro) (Version:  - )
Java 7 Update 9 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java(TM) 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971119) (HKLM\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nemetschek Allplan 2006 (HKLM\...\{53BEDB3B-BDBF-452F-B8B3-F698F03927DB}) (Version: 2006.0 - )
Nemetschek Allplan 2011 (HKLM\...\{DF71C8D1-9258-4504-89AF-BA80748CC0D2}) (Version: 2011.0 - Nemetschek Allplan GmbH)
Nemetschek SoftLock 2006 (HKLM\...\{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}) (Version: 1.00.0000 - )
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Message Center 2 (HKLM\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)
Nikon Movie Editor (HKLM\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.2 - Nikon)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
ORCA AVA (HKLM\...\ORCA AVA) (Version:  - )
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.4.7 - Nikon)
Picture Control Utility 2 (HKLM\...\{4946D03F-421F-480D-96C9-D6CF90640D33}) (Version: 2.0.0 - Nikon)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
QuickSet32 (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 1.3.2 - Dell Inc.)
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SyncBack (HKLM\...\SyncBack_is1) (Version:  - 2BrightSparks)
Uniblue RegistryBooster (HKLM\...\{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1) (Version:  - Uniblue Systems Ltd)
Validity Sensors DDK (HKLM\...\{62A20ECA-920E-4052-BF77-88C78DD20FAA}) (Version: 3.1.366 - Validity Sensors, Inc.)
ViewNX 2 (HKLM\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.10.0 - Nikon)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.3-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.900 - Broadcom Corporation)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Leaf Imaging Ltd. Image  (02/11/2010 ) (HKLM\...\A35BD68D4A1B3E191138E3C9AA417190A9468F7E) (Version: 02/11/2010  - Leaf Imaging Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EC5E0AF-5171-4552-AC4C-B40FD290392E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {28E3E120-F708-4D51-BB28-E0444E50EC7F} - System32\Tasks\AdobeAAMUpdater-1.0-FrankFietz-PC-Frank Fietz => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {3BF32D5F-901C-4797-8CEC-295ADA3405BE} - System32\Tasks\{85A37ED8-A04D-4F32-A77A-32A434CD18EC} => pcalua.exe -a "D:\Adobe Photoshop CS3\APSCS3_Extended_Patch\Step1cache.exe" -d "D:\Adobe Photoshop CS3\APSCS3_Extended_Patch"
Task: {6CDF68DD-224A-4120-9594-37709B761CE6} - System32\Tasks\Allplan AutoUpdate 2011 => C:\Program Files\Nemetschek\Allplan_2011\prg\LaunchAllplanAutoUpdate.exe [2010-10-15] (Nemetschek Allplan GmbH)
Task: {B2E5ADF3-20AD-4AD1-8220-E5B38462E25B} - System32\Tasks\{57185403-A297-4D3F-85A5-B6B7E8C9879C} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {D5BA2945-F4B6-4D43-90F0-63BCEBF26BA2} - System32\Tasks\{CB7D25BE-35EA-42E7-A88B-6F670588F21B} => pcalua.exe -a "C:\Program Files\ORCA AVA\AVASTART.EXE"
Task: {F99186F4-3BD5-4E09-9ACD-3867FD228120} - System32\Tasks\WebContent AutoUpdate 2011 => C:\Program Files\Nemetschek\Allplan_2011\prg\NemDownloadHandler.exe [2010-10-15] (Nemetschek Allplan GmbH)
Task: {FD50F21D-51DF-4B60-9B7C-A23E9830A6E6} - System32\Tasks\{45E1E124-B5A7-4898-867E-396BA7C5FDE3} => pcalua.exe -a D:\Installationsanleitung.EXE -d D:\

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Allplan AutoUpdate 2011.job => C:\Program Files\Nemetschek\Allplan_2011\prg\LaunchAllplanAutoUpdate.exe
Task: C:\Windows\Tasks\WebContent AutoUpdate 2011.job => C:\Program Files\Nemetschek\Allplan_2011\prg\NemDownloadHandler.exe…/f C:\Daten\Nemetschek\Allplan_2011\Std\AllplanUpdate.inf /one http:/autoupdate.allplan.com/Updates/Allplan/MyPlan/WebContent.upd

==================== Loaded Modules (whitelisted) ==============

2010-06-06 02:15 - 2009-11-30 04:41 - 00060928 _____ () C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
2012-09-18 19:18 - 2012-08-02 12:41 - 00963488 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
1999-07-23 07:59 - 1999-07-23 07:59 - 00036864 _____ () C:\Program Files\WS_FTP Pro\ftpstub.dll
1999-11-11 14:26 - 1999-11-11 14:26 - 00040960 _____ () C:\Program Files\WS_FTP Pro\nsftpch.dll
2010-06-06 02:15 - 2009-07-22 13:52 - 02384896 _____ () C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
2009-10-20 15:12 - 2009-10-20 15:12 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2015-03-12 21:20 - 2015-03-12 21:21 - 02171392 _____ () C:\Users\Frank Fietz\Desktop\AdwCleaner_4.112.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Frank Fietz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3583340597-3711195315-3280567221-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3583340597-3711195315-3280567221-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 80.69.100.102 - 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Admin (S-1-5-21-3583340597-3711195315-3280567221-1004 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3583340597-3711195315-3280567221-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3583340597-3711195315-3280567221-1002 - Limited - Enabled)
Büro (S-1-5-21-3583340597-3711195315-3280567221-1003 - Limited - Enabled) => C:\Users\Büro
Frank Fietz (S-1-5-21-3583340597-3711195315-3280567221-1000 - Administrator - Enabled) => C:\Users\Frank Fietz
Gast (S-1-5-21-3583340597-3711195315-3280567221-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2015 09:47:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NkMC2.exe, Version: 2.1.1.3000, Zeitstempel: 0x52bd0b7c
Name des fehlerhaften Moduls: btmmhook.dll, Version: 6.2.1.900, Zeitstempel: 0x4adddff1
Ausnahmecode: 0x40000015
Fehleroffset: 0x00011958
ID des fehlerhaften Prozesses: 0x758
Startzeit der fehlerhaften Anwendung: 0xNkMC2.exe0
Pfad der fehlerhaften Anwendung: NkMC2.exe1
Pfad des fehlerhaften Moduls: NkMC2.exe2
Berichtskennung: NkMC2.exe3

Error: (03/12/2015 09:16:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc6b7
Name des fehlerhaften Moduls: pdf32.dll, Version: 8.9.0.5, Zeitstempel: 0x50e53381
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0025e27f
ID des fehlerhaften Prozesses: 0x308
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3

Error: (03/12/2015 08:48:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc6b7
Name des fehlerhaften Moduls: pdf32.dll, Version: 8.9.0.5, Zeitstempel: 0x50e53381
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0025e27f
ID des fehlerhaften Prozesses: 0x14e8
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3

Error: (03/12/2015 08:05:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NkMC2.exe, Version: 2.1.1.3000, Zeitstempel: 0x52bd0b7c
Name des fehlerhaften Moduls: btmmhook.dll, Version: 6.2.1.900, Zeitstempel: 0x4adddff1
Ausnahmecode: 0x40000015
Fehleroffset: 0x00011958
ID des fehlerhaften Prozesses: 0x127c
Startzeit der fehlerhaften Anwendung: 0xNkMC2.exe0
Pfad der fehlerhaften Anwendung: NkMC2.exe1
Pfad des fehlerhaften Moduls: NkMC2.exe2
Berichtskennung: NkMC2.exe3

Error: (03/12/2015 07:04:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc6b7
Name des fehlerhaften Moduls: pdf32.dll, Version: 8.9.0.5, Zeitstempel: 0x50e53381
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0025e27f
ID des fehlerhaften Prozesses: 0x1478
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3

Error: (03/12/2015 04:16:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/09/2015 09:16:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Allplan_2011.exe, Version 16.252.2841.1110 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d2c

Startzeit: 01d05269194aaae6

Endzeit: 2527

Anwendungspfad: C:\Program Files\Nemetschek\Allplan_2011\Prg\Allplan_2011.exe

Berichts-ID: 448faf8a-c634-11e4-a574-c44619ee9b2b

Error: (03/02/2015 00:10:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 11.0.8411.0, Zeitstempel: 0x532a603f
Name des fehlerhaften Moduls: msoagent32.dll, Version: 8.0.3.4, Zeitstempel: 0x50e54333
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000662d9
ID des fehlerhaften Prozesses: 0x37c
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3

Error: (03/01/2015 05:47:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/27/2015 11:26:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (03/12/2015 10:27:58 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (03/12/2015 08:57:16 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (03/12/2015 08:57:16 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (03/12/2015 08:52:22 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (03/12/2015 08:52:22 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (03/12/2015 08:03:41 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (03/12/2015 07:04:07 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (03/12/2015 03:39:12 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Schedule erreicht.

Error: (03/12/2015 03:39:12 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht.

Error: (03/12/2015 03:38:42 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht.


Microsoft Office Sessions:
=========================
Error: (03/12/2015 09:47:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NkMC2.exe2.1.1.300052bd0b7cbtmmhook.dll6.2.1.9004adddff1400000150001195875801d05d016a4fc8d3C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exeC:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dllf1d4bef9-c8f8-11e4-b189-c44619ee9b2b

Error: (03/12/2015 09:16:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.1.7600.163854a5bc6b7pdf32.dll8.9.0.550e53381c00000050025e27f30801d05d016efd1cfdC:\Windows\system32\DllHost.exeC:\Program Files\Freemium\Free PDF Perfect\pdf32.dllb41c5619-c8f4-11e4-b189-c44619ee9b2b

Error: (03/12/2015 08:48:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.1.7600.163854a5bc6b7pdf32.dll8.9.0.550e53381c00000050025e27f14e801d05cfd7ac32070C:\Windows\system32\DllHost.exeC:\Program Files\Freemium\Free PDF Perfect\pdf32.dllbbc17692-c8f0-11e4-9efe-a4badbcc28cf

Error: (03/12/2015 08:05:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NkMC2.exe2.1.1.300052bd0b7cbtmmhook.dll6.2.1.9004adddff14000001500011958127c01d05c8a6841f851C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exeC:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dllbcf28c81-c8ea-11e4-9efe-a4badbcc28cf

Error: (03/12/2015 07:04:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.1.7600.163854a5bc6b7pdf32.dll8.9.0.550e53381c00000050025e27f147801d05c8a696de5b4C:\Windows\system32\DllHost.exeC:\Program Files\Freemium\Free PDF Perfect\pdf32.dllb28f0fe6-c87d-11e4-9efe-a4badbcc28cf

Error: (03/12/2015 04:16:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Photosmart 5520 series\DriverStore\Pipeline\amd64\hpinkinsB111.exe

Error: (03/09/2015 09:16:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Allplan_2011.exe16.252.2841.1110d2c01d05269194aaae62527C:\Program Files\Nemetschek\Allplan_2011\Prg\Allplan_2011.exe448faf8a-c634-11e4-a574-c44619ee9b2b

Error: (03/02/2015 00:10:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORD.EXE11.0.8411.0532a603fmsoagent32.dll8.0.3.450e54333c0000005000662d937c01d054d9792732a8C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXEC:\Program Files\Freemium\Free PDF Perfect\msoagent32.dllb99454d9-c0cc-11e4-a574-c44619ee9b2b

Error: (03/01/2015 05:47:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Photosmart 5520 series\DriverStore\Pipeline\amd64\hpinkinsB111.exe

Error: (02/27/2015 11:26:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Photosmart 5520 series\DriverStore\Pipeline\amd64\hpinkinsB111.exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 45%
Total physical RAM: 3062.61 MB
Available physical RAM: 1672.01 MB
Total Pagefile: 6123.5 MB
Available Pagefile: 3960.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.75 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:8.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3876DA77)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 13.03.2015, 12:35   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Wie werde ich die wizebar in Firefox wieder los? - Standard

Wie werde ich die wizebar in Firefox wieder los?



AdwCleaner nochmal, Funde auch löschen lassen.

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.03.2015, 13:44   #5
frankpaul
 
Wie werde ich die wizebar in Firefox wieder los? - Standard

Wie werde ich die wizebar in Firefox wieder los?



Hallo,

hier die JRT.txt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Professional x86
Ran by Frank Fietz on 14.03.2015 at 13:34:46,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Frank Fietz\AppData\Roaming\mozilla\firefox\profiles\yjp2khet.default\extensions\toolbar_avira-v7@apn.ask.com.xpi
Emptied folder: C:\Users\Frank Fietz\AppData\Roaming\mozilla\firefox\profiles\yjp2khet.default\minidumps [367 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.03.2015 at 13:37:16,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




und die mbam.txt:

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 14.03.2015
Scan Time: 13:00:18
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.14.02
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Frank Fietz

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 423912
Time Elapsed: 24 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)




FRST.log folgt.

Gruß

Hier noch die FRST.log:
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Frank Fietz (administrator) on FRANKFIETZ-PC on 14-03-2015 13:41:59
Running from C:\Users\Frank Fietz\Desktop
Loaded Profiles: Frank Fietz &  (Available profiles: Frank Fietz & Büro & Admin)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\stacsv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Microsoft) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Nikon Corporation) C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acresso Software Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Thisisu) C:\Users\Frank Fietz\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-01-05] (IDT, Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3853080 2009-12-18] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM\...\Run: [DpAgent] => C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2009-05-12] (DigitalPersona, Inc.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [203776 2009-11-12] (Microsoft)
HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\MountPoints2: {9404f231-7b01-11df-b51e-c44619ee9b2b} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\MountPoints2: {abff56d5-7aae-11df-a400-a4badbcc28cf} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\MountPoints2: {faf7b043-70cc-11df-bd02-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-3583340597-3711195315-3280567221-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {faf7b043-70cc-11df-bd02-806e6f6e6963} - D:\loomes.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
HKU\S-1-5-21-3583340597-3711195315-3280567221-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3583340597-3711195315-3280567221-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
SearchScopes: HKLM -> Backup.Old.DefaultScope {95ABE1F7-5A46-45DA-991F-33A173BAE842}
SearchScopes: HKLM -> {95ABE1F7-5A46-45DA-991F-33A173BAE842} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000 -> Backup.Old.DefaultScope {95ABE1F7-5A46-45DA-991F-33A173BAE842}
SearchScopes: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000 -> {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = 
SearchScopes: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000 -> {95ABE1F7-5A46-45DA-991F-33A173BAE842} URL = 
SearchScopes: HKU\S-1-5-21-3583340597-3711195315-3280567221-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3583340597-3711195315-3280567221-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {7C2B5568-686E-4B38-A2DB-925C15EC1081} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3583340597-3711195315-3280567221-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {95ABE1F7-5A46-45DA-991F-33A173BAE842} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: DigitalPersona Fingerprint Software Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-05-12] (DigitalPersona, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-12-07] (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-12-07] (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKLM - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files\Freemium\Free PDF Perfect\ieagent32.dll [2013-08-14] (soft Xpansion)
Toolbar: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3583340597-3711195315-3280567221-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3583340597-3711195315-3280567221-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 80.69.100.102 192.168.0.1
Tcpip\..\Interfaces\{85FC32D2-AC82-4B23-9895-F4110319D42E}: [NameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Users\Frank Fietz\AppData\Roaming\Mozilla\Firefox\Profiles\yjp2khet.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-12-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @soft-xpansion/npsxpdf -> C:\Program Files\Common Files\Freemium\np-sxpdf.dll [2013-08-14] (soft-Xpansion)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3583340597-3711195315-3280567221-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Extension: Ghostery - C:\Users\Frank Fietz\AppData\Roaming\Mozilla\Firefox\Profiles\yjp2khet.default\Extensions\firefox@ghostery.com.xpi [2014-02-08]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files\DigitalPersona\Bin\FirefoxExt [2010-06-06]
FF HKLM\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-08-14]
FF HKLM\...\Thunderbird\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\firefoxext
FF HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-3583340597-3711195315-3280567221-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\firefoxext
FF Extension: No Name - C:\Users\Frank Fietz\AppData\Roaming\Mozilla\Firefox\Profiles\yjp2khet.default\extensions\ffxtlbr@searchya.com [Not Found]
FF Extension: No Name - C:\Users\Frank Fietz\AppData\Roaming\Mozilla\Firefox\Profiles\yjp2khet.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi [Not Found]

Chrome: 
=======
CHR Profile: C:\Users\Frank Fietz\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-11] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 DpHost; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [322624 2009-05-12] (DigitalPersona, Inc.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 InstallFilterService; C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-11-30] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\STacSV.exe [229458 2010-01-05] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-14] (soft Xpansion)
R2 TabletServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [7470496 2012-08-02] (Wacom Technology, Corp.)
R2 TouchServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [481696 2012-08-02] (Wacom Technology, Corp.)
R2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1656112 2009-07-13] (Validity Sensors, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Acceler.sys [41648 2009-12-02] (ST Microelectronics)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [11680 2012-06-21] (Windows (R) Win 7 DDK provider)
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [49152 2009-06-30] (REDC)
R2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [38400 2009-07-04] (REDC)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-11] (Avira GmbH)
S3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [57760 2012-06-21] (Wacom Technology)
S3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13688 2012-05-22] (Wacom Technology)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-14 13:37 - 2015-03-14 13:37 - 00001214 _____ () C:\Users\Frank Fietz\Desktop\JRT.txt
2015-03-14 13:34 - 2015-03-14 13:34 - 01388333 _____ (Thisisu) C:\Users\Frank Fietz\Desktop\JRT.exe
2015-03-14 13:27 - 2015-03-14 13:27 - 00001062 _____ () C:\Users\Frank Fietz\Desktop\mbam.txt
2015-03-14 12:58 - 2015-03-14 12:58 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-14 12:57 - 2015-03-14 12:57 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-14 12:57 - 2015-03-14 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-14 12:57 - 2015-03-14 12:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-14 12:57 - 2015-03-14 12:57 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-14 12:57 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-14 12:57 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-14 12:57 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-14 12:55 - 2015-03-14 12:56 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Frank Fietz\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-12 23:05 - 2015-03-12 23:06 - 00034265 _____ () C:\Users\Frank Fietz\Desktop\Addition.txt
2015-03-12 23:04 - 2015-03-14 13:42 - 00000000 ____D () C:\FRST
2015-03-12 23:04 - 2015-03-14 13:41 - 00023643 _____ () C:\Users\Frank Fietz\Desktop\FRST.txt
2015-03-12 23:03 - 2015-03-12 23:03 - 01135104 _____ (Farbar) C:\Users\Frank Fietz\Desktop\FRST.exe
2015-03-12 22:52 - 2015-03-12 22:52 - 00017517 _____ () C:\Users\Frank Fietz\Desktop\get-mirror-server.htm
2015-03-12 21:21 - 2015-03-14 12:51 - 00000000 ____D () C:\AdwCleaner
2015-03-12 21:20 - 2015-03-12 21:21 - 02171392 _____ () C:\Users\Frank Fietz\Desktop\AdwCleaner_4.112.exe
2015-03-12 21:11 - 2015-03-12 21:11 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-12 21:11 - 2015-03-12 21:11 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-12 21:11 - 2015-03-12 21:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-12 21:05 - 2015-03-12 21:05 - 00243528 _____ () C:\Users\Frank Fietz\Downloads\Firefox Setup Stub 36.0.1.exe
2015-03-12 20:57 - 2015-03-12 20:57 - 40824144 _____ () C:\Users\Admin\Downloads\Firefox_Setup_36.0.1.exe
2015-03-11 14:57 - 2015-02-26 04:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 14:57 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 14:57 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 14:57 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 14:57 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 14:57 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 14:57 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 14:57 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 14:57 - 2015-02-20 03:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 14:57 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 14:57 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 14:57 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 14:57 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 14:57 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 14:57 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 14:57 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 14:57 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 14:57 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 14:57 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 14:57 - 2015-02-20 02:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 14:57 - 2015-02-20 02:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 14:57 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 14:57 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 14:57 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 14:57 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 14:57 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 14:57 - 2015-02-20 02:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 14:57 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 14:57 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 14:57 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 14:57 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 14:57 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 14:57 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 14:57 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 14:56 - 2015-03-06 06:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 14:56 - 2015-03-06 06:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 14:56 - 2015-03-06 06:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 14:56 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 14:56 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 14:56 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 14:56 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 14:56 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 14:56 - 2015-03-06 06:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 14:56 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 14:56 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 14:56 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 14:56 - 2015-03-06 06:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 14:56 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 14:56 - 2015-03-06 06:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 14:56 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 14:56 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 14:56 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 14:56 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 14:56 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 14:56 - 2015-02-20 05:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 14:56 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 14:56 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 14:56 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 14:56 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 14:56 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 14:56 - 2015-02-03 04:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 14:56 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 14:56 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 14:56 - 2015-02-03 04:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 14:56 - 2015-01-31 00:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 14:56 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 14:55 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 14:55 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 14:55 - 2015-02-03 04:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 14:55 - 2015-02-03 04:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 14:55 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 14:55 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 14:55 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 14:55 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 14:55 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 14:55 - 2015-02-03 04:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 14:55 - 2015-02-03 04:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 14:55 - 2015-02-03 04:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 14:55 - 2015-02-03 04:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 14:55 - 2014-10-31 23:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 14:55 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 14:29 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 14:29 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 14:29 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 14:29 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 14:29 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 14:29 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 14:29 - 2015-02-03 04:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 14:29 - 2015-02-03 04:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 14:29 - 2015-02-03 04:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 14:29 - 2015-02-03 04:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 14:29 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 14:29 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 14:29 - 2015-02-03 03:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-02-25 03:02 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-18 20:51 - 2015-03-12 07:07 - 00000000 ____D () C:\Windows\rescache
2015-02-16 21:57 - 2015-02-16 22:00 - 00000022 _____ () C:\Users\Frank Fietz\Downloads\Details.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-14 13:38 - 2012-05-25 23:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-14 13:37 - 2009-07-14 05:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-14 13:37 - 2009-07-14 05:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-14 13:31 - 2011-05-21 14:36 - 00000000 ____D () C:\Users\Frank Fietz\Tracing
2015-03-14 13:29 - 2010-06-05 19:06 - 00243492 _____ () C:\Windows\PFRO.log
2015-03-14 13:29 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-14 13:29 - 2009-07-14 05:39 - 00117964 _____ () C:\Windows\setupact.log
2015-03-14 13:28 - 2009-07-14 05:55 - 01423616 _____ () C:\Windows\WindowsUpdate.log
2015-03-14 13:27 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-03-14 13:06 - 2015-01-16 10:06 - 00000402 _____ () C:\Windows\Tasks\Allplan AutoUpdate 2011.job
2015-03-14 12:59 - 2015-01-16 10:06 - 00000658 _____ () C:\Windows\Tasks\WebContent AutoUpdate 2011.job
2015-03-13 06:53 - 2010-06-17 19:17 - 00000000 ____D () C:\Users\Frank Fietz\AppData\Local\Adobe
2015-03-12 21:11 - 2015-01-26 21:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-12 03:33 - 2009-07-14 05:33 - 04004056 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 03:29 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-12 03:13 - 2015-01-09 12:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 03:05 - 2015-01-09 12:58 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 14:08 - 2013-08-11 08:29 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-11 14:08 - 2013-08-11 08:27 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-11 14:08 - 2013-08-11 08:27 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-09 09:32 - 2010-06-17 19:17 - 00000000 ____D () C:\Users\Frank Fietz\Desktop\EFH Harnackstraße 40
2015-03-05 21:23 - 2013-08-14 19:38 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 21:22 - 2013-08-11 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 21:22 - 2013-08-11 08:27 - 00000000 ____D () C:\Program Files\Avira
2015-02-28 13:47 - 2011-10-14 20:41 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2015-02-24 21:21 - 2011-10-21 17:01 - 00000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2015-02-24 03:23 - 2010-08-15 13:58 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-12 19:32 - 2014-12-10 03:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 19:32 - 2014-05-01 02:02 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== Files in the root of some directories =======

2015-01-26 12:49 - 2015-01-26 12:49 - 0007218 _____ () C:\Users\Frank Fietz\AppData\Roaming\ContactSheetII.log
2010-06-18 23:45 - 2012-02-06 21:36 - 0000000 _____ () C:\Users\Frank Fietz\AppData\Roaming\Dictionaries
2011-10-14 20:41 - 2011-10-14 20:41 - 0000268 ___RH () C:\Users\Frank Fietz\AppData\Roaming\Displays
2011-10-14 20:41 - 2011-10-14 20:41 - 0000268 ___RH () C:\Users\Frank Fietz\AppData\Roaming\Distortion
2011-10-14 20:41 - 2011-10-14 20:41 - 0000268 ___RH () C:\Users\Frank Fietz\AppData\Roaming\Documentation
2012-08-10 17:41 - 2012-12-14 22:10 - 0000268 ___RH () C:\Users\Frank Fietz\AppData\Roaming\Equalizer
2011-10-21 17:06 - 2011-10-21 17:06 - 0000268 ___RH () C:\Users\Frank Fietz\AppData\Roaming\Jazz Kit
2015-01-26 12:49 - 2015-01-26 12:49 - 0000725 _____ () C:\Users\Frank Fietz\AppData\Roaming\Kontaktabzug II.xml
2012-09-26 20:44 - 2012-12-20 21:58 - 0001456 _____ () C:\Users\Frank Fietz\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2012-07-30 19:56 - 2012-07-30 19:56 - 0384835 _____ () C:\Users\Frank Fietz\AppData\Local\speeddial.crx
2015-01-17 22:44 - 2015-01-17 22:44 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-09-03 20:01 - 2014-09-03 20:01 - 0000000 _____ () C:\ProgramData\CustomDataViews
2014-09-03 20:01 - 2014-09-03 20:01 - 0000000 _____ () C:\ProgramData\Digital Light
2011-10-14 20:41 - 2011-10-14 20:41 - 0000268 ___RH () C:\ProgramData\Drum Kits
2011-10-14 20:41 - 2011-10-14 20:41 - 0000268 ___RH () C:\ProgramData\Drums
2011-10-14 20:41 - 2011-10-14 20:41 - 0000268 ___RH () C:\ProgramData\Dynamic Library
2011-10-14 20:41 - 2012-12-14 22:10 - 0000268 ___RH () C:\ProgramData\External Build System
2011-10-14 20:41 - 2011-10-14 20:41 - 0000012 ___RH () C:\ProgramData\Filesystems
2011-10-14 20:41 - 2011-10-14 20:41 - 0000012 ___RH () C:\ProgramData\Filters
2012-08-10 17:41 - 2012-12-14 22:10 - 0000012 ___RH () C:\ProgramData\Guitars
2011-10-21 17:06 - 2011-10-21 17:06 - 0000268 ___RH () C:\ProgramData\Keychains
2011-10-21 17:01 - 2015-02-24 21:21 - 0000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2011-10-21 17:08 - 2014-09-03 20:01 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
2010-06-18 23:45 - 2012-02-06 21:36 - 0000000 ____H () C:\ProgramData\PKP_DLdw.DAT
2012-08-10 17:41 - 2012-12-14 22:10 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2011-10-14 20:41 - 2014-08-17 20:04 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2011-10-14 20:41 - 2015-02-28 13:47 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2011-10-14 20:41 - 2011-10-14 20:41 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2011-10-21 17:06 - 2011-10-21 17:06 - 0000012 ___RH () C:\ProgramData\Spacious

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Büro\AppData\Local\Temp\AskSLib.dll
C:\Users\Büro\AppData\Local\Temp\avgnt.exe
C:\Users\Frank Fietz\AppData\Local\Temp\AskSLib.dll
C:\Users\Frank Fietz\AppData\Local\Temp\atl80.dll
C:\Users\Frank Fietz\AppData\Local\Temp\avgnt.exe
C:\Users\Frank Fietz\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Frank Fietz\AppData\Local\Temp\mfc80.dll
C:\Users\Frank Fietz\AppData\Local\Temp\mfc80u.dll
C:\Users\Frank Fietz\AppData\Local\Temp\mfcm80.dll
C:\Users\Frank Fietz\AppData\Local\Temp\mfcm80u.dll
C:\Users\Frank Fietz\AppData\Local\Temp\msvcm80.dll
C:\Users\Frank Fietz\AppData\Local\Temp\msvcp80.dll
C:\Users\Frank Fietz\AppData\Local\Temp\msvcr80.dll
C:\Users\Frank Fietz\AppData\Local\Temp\ose00000.exe
C:\Users\Frank Fietz\AppData\Local\Temp\ose00001.exe
C:\Users\Frank Fietz\AppData\Local\Temp\ose00002.exe
C:\Users\Frank Fietz\AppData\Local\Temp\ose00003.exe
C:\Users\Frank Fietz\AppData\Local\Temp\Quarantine.exe
C:\Users\Frank Fietz\AppData\Local\Temp\Setup-Wacom.exe
C:\Users\Frank Fietz\AppData\Local\Temp\sqlite3.dll
C:\Users\Frank Fietz\AppData\Local\Temp\TmDbg32.dll
C:\Users\Frank Fietz\AppData\Local\Temp\UninstManager.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-12 04:14

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Alt 14.03.2015, 18:07   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Wie werde ich die wizebar in Firefox wieder los? - Standard

Wie werde ich die wizebar in Firefox wieder los?




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> Wie werde ich die wizebar in Firefox wieder los?

Alt 15.03.2015, 17:49   #7
frankpaul
 
Wie werde ich die wizebar in Firefox wieder los? - Standard

Wie werde ich die wizebar in Firefox wieder los?



Hallo,

die wizebar ist schon weg.- schonmal großes Dankeschön dafür.

Muss ich die neuen Schritte auch noch machen ?

Gruß, Frank

Alt 16.03.2015, 08:42   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Wie werde ich die wizebar in Firefox wieder los? - Standard

Wie werde ich die wizebar in Firefox wieder los?



als Kontrollscans, ja
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.03.2015, 21:52   #9
frankpaul
 
Wie werde ich die wizebar in Firefox wieder los? - Standard

Wie werde ich die wizebar in Firefox wieder los?



Jetzt muss ich mal eine ganz doofe Frage stellen:
Wie/ Wo deaktiviere ich mein AVIRA und meine Firewall (Windows) ?

ich weiß;- peinlich

Alt 17.03.2015, 10:05   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Wie werde ich die wizebar in Firefox wieder los? - Standard

Wie werde ich die wizebar in Firefox wieder los?



Firewall kann an bleiben. Avira Rechtsklick auf den Schirm
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Wie werde ich die wizebar in Firefox wieder los?
appdata, bericht, bildschirm, browser, dateien, desktop, explorer, file, firefox, frage, google, helper, internet, internet explorer, laptop, log, log file, microsoft, mozilla, ordner, roaming, sekunden, server, temp, windows, wizebar firefox




Ähnliche Themen: Wie werde ich die wizebar in Firefox wieder los?


  1. Spyhunter - wie werde ich ihn wieder los
    Log-Analyse und Auswertung - 03.06.2015 (19)
  2. sm.de - Wie werde ich das wieder los?
    Lob, Kritik und Wünsche - 06.05.2015 (1)
  3. sm.de - wie werde ich das wieder los?
    Plagegeister aller Art und deren Bekämpfung - 05.05.2015 (36)
  4. wie werde ich dreamsupport.us wieder los?
    Plagegeister aller Art und deren Bekämpfung - 05.08.2014 (7)
  5. Wie werde ich Download Protect 2.2.4 (Add on bei Firefox) wieder los?
    Plagegeister aller Art und deren Bekämpfung - 17.07.2014 (13)
  6. SoftwareUpdater.UI.exe --- wie werde ich es wieder los?
    Plagegeister aller Art und deren Bekämpfung - 29.08.2013 (7)
  7. Wie werde ich Iminent wieder los?
    Plagegeister aller Art und deren Bekämpfung - 24.08.2013 (27)
  8. SoftwareUpdater.ui.exe? wie werde ich das wieder los?
    Plagegeister aller Art und deren Bekämpfung - 24.07.2013 (13)
  9. Wizebar, PUP.Blabbers
    Plagegeister aller Art und deren Bekämpfung - 22.02.2013 (7)
  10. Bundespolizei-Trojaner,Wizebar Popup, Phising Alarm
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (14)
  11. Popup von Wizebar bei jedem Firefoxstart
    Plagegeister aller Art und deren Bekämpfung - 18.10.2012 (14)
  12. Wie werde ich GVU Trojaner wieder los???
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (2)
  13. Akm-Virus! Wie werde ich den wieder los?
    Log-Analyse und Auswertung - 07.09.2012 (5)
  14. Wie werde ich den wieder los ?
    Log-Analyse und Auswertung - 03.09.2008 (27)
  15. Wie werde ich den da ->BDS/Agent.bxt, wieder los??
    Plagegeister aller Art und deren Bekämpfung - 05.10.2007 (4)
  16. Trojaner? Wie werde ich das wieder los?
    Plagegeister aller Art und deren Bekämpfung - 04.10.2007 (6)
  17. Wie werde ich den Müll wieder los?
    Plagegeister aller Art und deren Bekämpfung - 18.02.2006 (1)

Zum Thema Wie werde ich die wizebar in Firefox wieder los? - Hallo, ich habe mir irgendwie eine wizebar eingefangen, die jedesmal aufpopt, wenn ich Firefox starte. Da ich aktuell nicht installiert habe, ist es mir völlig schleierhaft, wie ich mir das - Wie werde ich die wizebar in Firefox wieder los?...
Archiv
Du betrachtest: Wie werde ich die wizebar in Firefox wieder los? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.