
Log analysis and evaluation: Chrome virus "gighmmpiobklfepjocnamgkkbiglidom"


26.04.2015, 12:12   #1
BanRi
 



Hello everyone,

I'm turning to you because I have probably caught a virus.
(I'm just going to call it a virus for now! Whether it actually is one, I of course don't know.)
AdwCleaner always reports the following, which unfortunately also cannot be deleted.

Code:
# AdwCleaner v4.202 - Bericht erstellt 26/04/2015 um 13:08:30
# Aktualisiert 23/04/2015 von Xplode
# Datenbank : 2015-04-23.2 [Server]
# Betriebssystem : Windows 8.1 Pro  (x64)
# Benutzername : s - HOME
# Gestarted von : C:\Users\s\Desktop\adwcleaner_4.202.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk
Datei Gefunden : C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
Datei Gefunden : C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage-journal
Datei Gefunden : C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
Datei Gefunden : C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
Ordner Gefunden : C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v


-\\ Google Chrome v42.0.2311.90

[C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Extension] : gighmmpiobklfepjocnamgkkbiglidom

*************************

AdwCleaner[R0].txt - [3641 Bytes] - [16/04/2015 21:04:57]
AdwCleaner[R10].txt - [2120 Bytes] - [21/04/2015 08:54:42]
AdwCleaner[R11].txt - [2753 Bytes] - [25/04/2015 12:03:57]
AdwCleaner[R12].txt - [2872 Bytes] - [26/04/2015 12:37:42]
AdwCleaner[R13].txt - [2932 Bytes] - [26/04/2015 12:49:13]
AdwCleaner[R14].txt - [1908 Bytes] - [26/04/2015 13:08:30]
AdwCleaner[R1].txt - [1133 Bytes] - [16/04/2015 21:07:43]
AdwCleaner[R2].txt - [1017 Bytes] - [16/04/2015 21:10:27]
AdwCleaner[R3].txt - [2097 Bytes] - [19/04/2015 22:29:57]
AdwCleaner[R4].txt - [1793 Bytes] - [19/04/2015 22:32:34]
AdwCleaner[R5].txt - [1665 Bytes] - [19/04/2015 22:35:12]
AdwCleaner[R6].txt - [1725 Bytes] - [19/04/2015 23:29:26]
AdwCleaner[R7].txt - [2088 Bytes] - [19/04/2015 23:31:20]
AdwCleaner[R8].txt - [2133 Bytes] - [20/04/2015 10:26:30]
AdwCleaner[R9].txt - [1801 Bytes] - [20/04/2015 13:58:09]
AdwCleaner[S0].txt - [3370 Bytes] - [16/04/2015 21:05:53]
AdwCleaner[S1].txt - [1193 Bytes] - [16/04/2015 21:08:43]
AdwCleaner[S2].txt - [2156 Bytes] - [19/04/2015 22:30:58]
AdwCleaner[S3].txt - [1852 Bytes] - [19/04/2015 22:33:56]
AdwCleaner[S4].txt - [1784 Bytes] - [19/04/2015 23:30:09]
AdwCleaner[S5].txt - [2192 Bytes] - [20/04/2015 10:27:31]
AdwCleaner[S6].txt - [2811 Bytes] - [25/04/2015 12:05:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R14].txt - [2912 Bytes] ##########
         
I hope you can help me?

Best regards

26.04.2015, 12:27   #2
M-K-D-B
/// TB instructor
 






My name is Matthias and I will help you clean up your computer.

Please note the following:
  • If we find indications of illegally obtained software, we will suspend support until all illegal software of any kind has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your topic from my subscriptions. If you are going to be away for a longer period, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • Please note: Downloading from filepony.de: How to download our tools correctly!
  • All programs to be used must be saved to the desktop and started from there!

Please work through all steps one after another in the given order and post all log files in CODE tags:
How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Thank you for your cooperation!




For the initial analysis, please run FRST:

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input box of the web page)



26.04.2015, 12:39   #3
BanRi
 



Thank you very much for the quick reply.
Here is the log

FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2015
Ran by s (administrator) on HOME on 26-04-2015 13:29:31
Running from C:\Users\s\Desktop
Loaded Profiles: s &  (Available profiles: s & DefaultAppPool)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ROCCAT GmbH Co., Ltd.) C:\Program Files (x86)\ROCCAT\Roccat Talk\Roccat Talk.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
() C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vspdfprsrv.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [MsmqIntCert] => "C:\WINDOWS\System32\regsvr32.exe" /s "C:\WINDOWS\System32\mqrt.dll"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2013-10-25] (ROCCAT GmbH)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vspdfprsrv.exe] => C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vspdfprsrv.exe [7012352 2013-05-15] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe" -autorun
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe" -autorun
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\...\Run: [SansaDispatch] => C:\Users\s\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2015-01-23] (SanDisk Corporation)
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\...\RunOnce: [Adobe Speed Launcher] => 1430043865
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\...\MountPoints2: {89c02c83-e392-11e4-bf71-d72739493a21} - "F:\setup.exe" 
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SansaDispatch] => C:\Users\s\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2015-01-23] (SanDisk Corporation)
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {89c02c83-e392-11e4-bf71-d72739493a21} - "F:\setup.exe" 
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [SansaDispatch] => C:\Users\s\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2015-01-23] (SanDisk Corporation)
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Adobe Speed Launcher] => 1430043865
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {89c02c83-e392-11e4-bf71-d72739493a21} - "F:\setup.exe" 
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe" -autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk [2014-01-28]
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Roccat Talk.lnk [2014-02-05]
ShortcutTarget: Roccat Talk.lnk -> C:\Windows\Installer\{605D671E-1D1E-4840-84D9-BFACE17F160D}\NewShortcut1_38373BA15BEE4DD08E16D3720C304537.exe (Flexera Software LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
URLSearchHook: [S-1-5-21-3594826973-1388458410-1933748121-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-3594826973-1388458410-1933748121-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-3594826973-1388458410-1933748121-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-3594826973-1388458410-1933748121-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3594826973-1388458410-1933748121-1001 -> {0985724C-C257-4A78-B6B3-2B1B179EFC01} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0985724C-C257-4A78-B6B3-2B1B179EFC01} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {0985724C-C257-4A78-B6B3-2B1B179EFC01} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{1333E452-9BD6-4ADF-9D62-07859AC12D3A}: [NameServer] 192.168.5.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\pTMlo6Wx.default
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: adobe.com/AdobeExManDetect -> D:\Adobe\Adobe CS6\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> D:\Adobe\Adobe CS6\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3594826973-1388458410-1933748121-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Extension: Avira Browser Safety - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\pTMlo6Wx.default\Extensions\abs@avira.com [2014-12-03]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-05-31]
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-22]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-22]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-22]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-22]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2014-05-31]
CHR Extension: (Snip-Me - Amazon-Preisalarm) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggbcajkaanddkocabpldmeomjdlgjpag [2014-05-31]
CHR Extension: (BetaFish Adblocker) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-25]
CHR Extension: (Bookmark Manager) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Pixlr Express) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2014-05-31]
CHR Extension: (Online PDF Tools) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfpnmfhodaljeelokfceepbeapgbdn [2014-05-31]
CHR Extension: (Custom Google™ Background) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\jepibmfmhopgkplegmkjgifmhabbjadg [2015-03-07]
CHR Extension: (komoot) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbgbaicglaiooophhbkpkdhpglkbhohb [2014-05-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-04]
CHR Extension: (Hangouts) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-03-07]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-22]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-22]
CHR HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S4 AdobeActiveFileMonitor11.0; D:\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [16896 2013-10-31] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-10-31] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [168448 2013-10-31] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1930608 2015-03-26] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-01-06] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-01-06] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-10-31] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-05-02] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-04-15] (Disc Soft Ltd)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-10-31] (Microsoft Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-26 13:29 - 2015-04-26 13:29 - 00030378 _____ () C:\Users\s\Desktop\FRST.txt
2015-04-26 13:29 - 2015-04-26 13:29 - 00000000 ____D () C:\FRST
2015-04-26 13:28 - 2015-04-26 13:28 - 02099712 _____ (Farbar) C:\Users\s\Desktop\FRST64.exe
2015-04-26 13:16 - 2015-04-26 13:16 - 222895146 _____ () C:\Users\s\Downloads\[Pure-Ani.me]Dungeon ni Deai o Motomeru no wa Machigatte Iru Darou ka 04 Ger Sub.mp4
2015-04-25 12:03 - 2015-04-25 12:03 - 02224640 _____ () C:\Users\s\Desktop\adwcleaner_4.202.exe
2015-04-25 10:21 - 2015-04-24 21:25 - 316191928 _____ () C:\Users\s\Downloads\ac.720p.e14.mkv
2015-04-23 14:15 - 2015-04-22 21:28 - 304467827 _____ () C:\Users\s\Downloads\triagex.720p.e03.mkv
2015-04-23 14:15 - 2015-04-17 17:08 - 294389571 _____ () C:\Users\s\Downloads\triagex.720p.e02.mp4
2015-04-23 14:15 - 2015-04-17 16:43 - 289795797 _____ () C:\Users\s\Downloads\triagex.720p.e01.mp4
2015-04-23 13:47 - 2015-04-18 20:17 - 583081914 _____ () C:\Users\s\Downloads\plastic.1080p.e03.mkv
2015-04-23 12:06 - 2015-04-12 21:17 - 548958249 _____ () C:\Users\s\Downloads\plastic.1080p.e02.mkv
2015-04-23 11:26 - 2015-04-11 20:18 - 553148423 _____ () C:\Users\s\Downloads\plastic.1080p.e01.mkv
2015-04-22 14:53 - 2015-04-22 14:53 - 00000000 ____D () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-04-22 09:36 - 2015-03-03 15:17 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-04-22 09:34 - 2015-04-22 09:34 - 00000000 ____D () C:\Users\s\AppData\Local\AviraSpeedup
2015-04-21 18:03 - 2015-04-20 12:04 - 1589627016 _____ () C:\Users\s\Downloads\Gam.of.Thones.S05E02.Ger.Sub.72p.HDTV.x264-iND.mkv
2015-04-21 09:05 - 2015-04-13 16:11 - 1268349959 _____ () C:\Users\s\Downloads\Gam.of.Thones.S05E01.Ger.Sub.72p.HDTV.x264-iND.mkv
2015-04-20 15:57 - 2015-04-20 11:06 - 281810169 _____ () C:\Users\s\Downloads\[NKDE-Subs] Highschool DxD BoRN - 03 Ger Sub v2.mp4
2015-04-20 15:43 - 2015-04-20 16:00 - 00000000 ____D () C:\Temp
2015-04-19 22:48 - 2015-04-19 22:48 - 02347384 _____ (ESET) C:\Users\s\Desktop\esetsmartinstaller_deu.exe
2015-04-19 21:57 - 2015-04-20 14:28 - 00000000 ____D () C:\Users\s\AppData\Roaming\ImgBurn
2015-04-19 21:54 - 2015-04-19 21:54 - 00001893 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2015-04-19 21:54 - 2015-04-19 21:54 - 00001881 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2015-04-19 21:54 - 2015-04-19 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2015-04-19 21:54 - 2015-04-19 21:54 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2015-04-19 20:41 - 2015-04-19 20:48 - 226869908 _____ () C:\Users\s\Downloads\[Pure-Ani.me]Yahari Ore no Seishun Love Comedy wa Machigatteiru. Zoku 03 Ger Sub.mp4
2015-04-16 21:04 - 2015-04-26 13:09 - 00000000 ____D () C:\AdwCleaner
2015-04-16 07:57 - 2015-01-06 05:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-04-16 07:57 - 2015-01-06 04:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-04-16 07:57 - 2015-01-06 03:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-04-16 07:57 - 2015-01-06 03:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-04-15 22:53 - 2015-04-20 10:35 - 00000000 ____D () C:\Program Files\RC Desk Pilot
2015-04-15 22:22 - 2015-04-15 22:24 - 00000000 ____D () C:\Users\s\AppData\Roaming\DAEMON Tools Lite
2015-04-15 22:22 - 2015-04-15 22:23 - 00030352 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2015-04-15 22:21 - 2015-04-15 22:22 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-04-15 21:21 - 2015-04-16 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flug-Model-Simulator
2015-04-15 12:16 - 2015-04-15 12:16 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 08:21 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 08:21 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 08:21 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 08:21 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 08:21 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 08:21 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 08:21 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 08:21 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 08:21 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 08:21 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 08:21 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 08:21 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 08:21 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 08:21 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 08:21 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 08:21 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 08:21 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 08:21 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 08:21 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 08:21 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 08:21 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 08:21 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 08:21 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 08:21 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 08:21 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 08:21 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 08:21 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 08:21 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 08:21 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 08:21 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 08:21 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 08:21 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 08:21 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 08:21 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 08:21 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 08:21 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 08:21 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 08:21 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 08:21 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 08:21 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 08:21 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 08:21 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 08:21 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 08:21 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 08:21 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 08:21 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 08:21 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 08:21 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 08:21 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 08:21 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 08:21 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 08:21 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 08:21 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 08:21 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 08:21 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 08:21 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 08:21 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 08:21 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 08:21 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 08:21 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 08:21 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 08:21 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 08:21 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 08:21 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 08:21 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 08:21 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 08:21 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-15 08:21 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 08:21 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-13 09:05 - 2015-04-13 09:05 - 00000295 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk
2015-04-12 23:31 - 2015-04-12 17:33 - 240146699 _____ () C:\Users\s\Downloads\[NKDE-Subs] Highschool DxD BoRN - 02 Ger Sub.mp4
2015-04-12 23:01 - 2015-04-12 23:03 - 226734825 _____ () C:\Users\s\Downloads\[Pure-Ani.me]Yahari Ore no Seishun Love Comedy wa Machigatteiru. Zoku 02 Ger Sub.mp4
2015-04-08 23:43 - 2015-04-08 23:45 - 205841953 _____ () C:\Users\s\Downloads\[Pure-Anime.biz] Ao Haru Ride 13 OVA Ger Sub.mp4
2015-04-07 00:12 - 2015-04-07 00:12 - 00000000 ____D () C:\ProgramData\MULTIFlight
2015-04-07 00:12 - 2015-04-07 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MULTIFlight
2015-04-07 00:12 - 2015-04-07 00:12 - 00000000 ____D () C:\Program Files (x86)\MULTIFlight
2015-04-05 23:16 - 2015-04-05 23:20 - 484123746 _____ () C:\Users\s\Downloads\Gotam.S01E12.Ger.Dub.WHD.XviD-EDE.avi
2015-04-04 15:03 - 2015-04-04 15:03 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-04 15:03 - 2015-04-04 15:03 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-01 19:04 - 2015-04-01 19:04 - 00018321 _____ () C:\WINDOWS\DirectX.log
2015-03-30 21:34 - 2015-03-30 21:35 - 00000000 ____D () C:\Users\s\Documents\Heroes of the Storm
2015-03-30 20:26 - 2015-04-01 12:48 - 00000000 ____D () C:\Users\s\AppData\Local\Battle.net
2015-03-30 20:26 - 2015-03-30 21:34 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-03-30 20:26 - 2015-03-30 20:27 - 00000000 ____D () C:\Users\s\AppData\Roaming\Battle.net
2015-03-30 20:26 - 2015-03-30 20:26 - 00000000 ____D () C:\Users\s\AppData\Local\Blizzard Entertainment
2015-03-30 20:24 - 2015-03-30 20:24 - 00000000 ____D () C:\ProgramData\Battle.net
2015-03-29 15:45 - 2015-03-29 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\u-blox
2015-03-29 15:45 - 2015-03-29 15:45 - 00000000 ____D () C:\Program Files (x86)\u-blox
2015-03-28 09:36 - 2015-03-28 09:36 - 16761570 _____ () C:\Users\s\Downloads\Projekt IAV.zip
2015-03-27 12:18 - 2015-04-07 10:02 - 00017608 _____ () C:\WINDOWS\DPINST.LOG
2015-03-27 12:18 - 2015-03-27 12:18 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk
2015-03-27 12:18 - 2015-03-27 12:18 - 00001007 _____ () C:\Users\Public\Desktop\Arduino.lnk
2015-03-27 12:18 - 2015-03-27 12:18 - 00000000 ____D () C:\Users\s\Documents\Arduino
2015-03-27 12:18 - 2015-03-27 12:18 - 00000000 ____D () C:\Users\s\AppData\Roaming\Arduino15
2015-03-27 12:18 - 2015-03-27 12:18 - 00000000 ____D () C:\Users\s\.jssc
2015-03-27 12:17 - 2015-03-27 12:18 - 00000000 ____D () C:\Program Files (x86)\Arduino
2015-03-27 10:46 - 2015-03-27 10:46 - 00000000 ____D () C:\Users\s\AppData\Roaming\NVIDIA
2015-03-27 10:28 - 2015-04-25 20:33 - 00007631 _____ () C:\WINDOWS\setupact.log
2015-03-27 10:28 - 2015-04-19 22:31 - 00219646 _____ () C:\WINDOWS\PFRO.log
2015-03-27 10:28 - 2015-03-27 10:28 - 00000000 _____ () C:\WINDOWS\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-26 13:29 - 2013-10-22 11:40 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-26 13:25 - 2014-05-06 00:40 - 01632804 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-26 13:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-26 12:55 - 2015-03-24 17:55 - 00000929 _____ () C:\WINDOWS\Tasks\EPSON XP-322 323 325 Series Update {A4B7AC65-10C9-43CF-B46E-D9311A9A1A5B}.job
2015-04-26 12:54 - 2015-01-02 23:12 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-26 12:27 - 2012-08-21 21:20 - 00000000 ____D () C:\Users\s\Downloads\05_Arbeit
2015-04-26 08:40 - 2015-03-04 17:58 - 00000000 ____D () C:\Program Files (x86)\Mission Planner
2015-04-26 08:17 - 2014-01-27 21:35 - 00000000 ___RD () C:\Users\s\Downloads\GoogleDrive
2015-04-26 08:16 - 2013-10-22 11:40 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-26 08:16 - 2013-10-21 19:43 - 00000000 ___DO () C:\Users\s\SkyDrive
2015-04-25 18:36 - 2015-03-01 22:02 - 00000000 ____D () C:\Users\s\apmplanner2
2015-04-25 18:34 - 2014-01-16 19:14 - 00000284 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2015-04-25 12:11 - 2013-09-30 06:14 - 01871602 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-25 12:11 - 2013-09-30 05:56 - 00804408 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-25 12:11 - 2013-09-30 05:56 - 00170296 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-25 12:07 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2015-04-25 12:05 - 2015-03-24 11:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-25 12:05 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-25 12:05 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-22 18:38 - 2014-04-27 07:43 - 00000000 ____D () C:\Users\DefaultAppPool
2015-04-22 18:29 - 2013-10-21 17:16 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3594826973-1388458410-1933748121-1001
2015-04-22 14:56 - 2013-03-03 08:40 - 00000000 ____D () C:\Users\s\Downloads\07_JDownloader
2015-04-22 14:53 - 2013-10-31 15:17 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2015-04-22 09:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-22 09:32 - 2013-10-24 10:16 - 00000000 ____D () C:\Users\s\AppData\Local\Adobe
2015-04-19 20:01 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-17 07:23 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-16 22:36 - 2013-10-22 12:06 - 00000000 ____D () C:\Users\s\AppData\Roaming\vlc
2015-04-16 21:05 - 2013-12-01 18:16 - 00000000 ____D () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-16 21:05 - 2013-10-22 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-16 21:05 - 2013-10-21 19:42 - 00000999 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-16 13:04 - 2013-10-21 19:35 - 00000000 ____D () C:\Users\s
2015-04-16 12:29 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-16 08:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-16 07:55 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Cursors
2015-04-15 22:19 - 2014-11-10 18:46 - 00000041 ___SH () C:\ProgramData\.zreglib
2015-04-15 12:16 - 2014-12-03 09:44 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-15 09:59 - 2014-01-16 19:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 09:59 - 2013-10-21 17:49 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 09:55 - 2013-10-21 17:49 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 01:24 - 2013-08-22 17:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-12 13:33 - 2014-02-05 14:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-10 07:23 - 2014-05-23 08:14 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-10 07:23 - 2013-10-21 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-10 07:23 - 2013-10-21 17:14 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-07 10:01 - 2015-03-01 22:02 - 00000000 ____D () C:\Users\s\mapscache
2015-04-01 23:49 - 2014-12-31 19:56 - 00000000 ____D () C:\ProgramData\Origin
2015-03-29 15:32 - 2015-03-04 23:38 - 00000149 _____ () C:\Users\s\Documents\diagnostic.ubx
2015-03-29 12:29 - 2015-03-24 17:54 - 00000000 ____D () C:\ProgramData\EPSON
2015-03-28 11:11 - 2014-05-02 13:37 - 00000000 ____D () C:\Users\s\AppData\Roaming\PhotoScape
2015-03-28 05:44 - 2014-07-29 18:37 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-03-28 05:44 - 2013-11-09 00:46 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-03-28 05:43 - 2014-07-29 18:37 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-03-28 05:43 - 2013-11-09 00:46 - 01570672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll

==================== Files in the root of some directories =======

2015-01-13 01:04 - 2015-01-13 22:55 - 0000600 _____ () C:\Users\s\AppData\Roaming\winscp.rnd
2014-10-01 20:15 - 2014-10-01 20:15 - 0004096 ____H () C:\Users\s\AppData\Local\keyfile3.drm
2015-01-13 01:00 - 2015-03-12 13:53 - 0000600 _____ () C:\Users\s\AppData\Local\PUTTY.RND
2014-06-13 16:47 - 2015-03-25 08:22 - 0007597 _____ () C:\Users\s\AppData\Local\Resmon.ResmonCfg
2014-11-10 18:46 - 2015-04-15 22:19 - 0000041 ___SH () C:\ProgramData\.zreglib
1999-07-07 02:00 - 1999-07-07 02:00 - 0000006 __RSH () C:\ProgramData\DE280AC2-0786-4476-96E5-D6E6370396FE

Some content of TEMP:
====================
C:\Users\s\AppData\Local\Temp\avgnt.exe
C:\Users\s\AppData\Local\Temp\i4jdel0.exe
C:\Users\s\AppData\Local\Temp\proxy_vole6848895154067636924.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-23 09:59

==================== End Of Log ============================
         



Addition.txt
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2015
Ran by s at 2015-04-26 13:30:02
Running from C:\Users\s\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3594826973-1388458410-1933748121-500 - Administrator - Disabled)
Gast (S-1-5-21-3594826973-1388458410-1933748121-501 - Limited - Disabled)
s (S-1-5-21-3594826973-1388458410-1933748121-1001 - Administrator - Enabled) => C:\Users\s

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.1 - Arduino LLC)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
DNDownloader version 1.2 (HKLM-x32\...\DNDownloader_is1) (Version: 1.2 - )
Druckerdeinstallation für EPSON XP-322 323 325 Series (HKLM\...\EPSON XP-322 323 325 Series) (Version:  - SEIKO EPSON Corporation)
Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EXPERTool v8.9 (HKLM-x32\...\{551D9481-9487-4D0C-9A1D-6BC3E7B6D991}_is1) (Version: 8.9.7.3 - Gainward Co. Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Player Codec Pack 4.3.0 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.3.0 - Media Player Codec Pack)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mission Planner (HKLM-x32\...\{2C6E91C8-8B1B-479F-9BBD-545AF60F09E0}) (Version: 1.3.19 - Michael Oborne)
MULTIFlight (HKLM-x32\...\MULTIFlight) (Version:  - Multiplex Modellsport GmbH & Co.KG)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version:  - CyberConnect 2)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice 4.1.1 Language Pack (German) (HKLM-x32\...\{68AF7AB8-E018-40D9-B703-0129274FDBAE}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
PDF Experte 9 Ultimate (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.10.0 - Prolific Technology INC)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version:  - Roccat GmbH)
Roccat Talk (HKLM-x32\...\{605D671E-1D1E-4840-84D9-BFACE17F160D}) (Version: 1.00.0002 - Roccat GmbH)
Sansa Updater (HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)
Sansa Updater (HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)
Sansa Updater (HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.24.112 - Akademische Arbeitsgemeinschaft)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.10.1 - Electronic Arts)
u-center (HKLM-x32\...\{A385DF8C-7E17-4C6C-998F-96FDC10BCE96}) (Version: 7.0.2.1 - u-blox)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.6b5 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows-Treiberpaket - 3D Robotics (usbser) Ports  (01/01/2015 2.0.0.9) (HKLM\...\75690F2C86F7BE1E9F51D6D0CC84D4D7C203E6B5) (Version: 01/01/2015 2.0.0.9 - 3D Robotics)
Windows-Treiberpaket - 3D Robotics (usbser) Ports  (01/01/2015 2.0.0.9) (HKLM\...\E5BE0983C0C60432B42B39114C40C1931CE1AE00) (Version: 01/01/2015 2.0.0.9 - 3D Robotics)
Windows-Treiberpaket - Arduino LLC (www.arduino.cc) (usbser) Ports  (01/01/2015 2.0.0.9) (HKLM\...\86FE9521DE7ABE24A00FABF1A36DFEA326A2B95B) (Version: 01/01/2015 2.0.0.9 - Arduino LLC (www.arduino.cc))
Windows-Treiberpaket - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows-Treiberpaket - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\BD00013670D26C16E19F284BF8E15DAF813497C7) (Version: 07/12/2013 2.08.30 - FTDI)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows-Treiberpaket - Laser Navigation (usbser) Ports  (01/01/2015 2.0.0.9) (HKLM\...\5B5A1A5769F13E0E41408EC749064B8AD32F3ABA) (Version: 01/01/2015 2.0.0.9 - Laser Navigation)
Windows-Treiberpaket - Laser Navigation (usbser) Ports  (01/01/2015 2.0.0.9) (HKLM\...\7467F9B0E7D7F46F43092D951C133F4C5AF9A51E) (Version: 01/01/2015 2.0.0.9 - Laser Navigation)
Windows-Treiberpaket - Laser Navigation (usbser) Ports  (01/01/2015 2.0.0.9) (HKLM\...\ACDDC797C22A16749E351E36E8E45708620B451D) (Version: 01/01/2015 2.0.0.9 - Laser Navigation)
Windows-Treiberpaket - u-blox AG (ubloxusb) Ports  (05/09/2012 1.2.0.6) (HKLM\...\7DCB6F90653EABCA4FDB3A94511F5371C9D34C51) (Version: 05/09/2012 1.2.0.6 - u-blox AG)
Windows-Treiberpaket - u-blox AG (ubloxusb) Ports  (07/03/2013 1.2.0.8) (HKLM\...\FD26D50F08971338088D01BEDED393EC9F9C4FA7) (Version: 07/03/2013 1.2.0.8 - u-blox AG)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3594826973-1388458410-1933748121-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

==================== Restore Points  =========================

22-04-2015 09:28:43 Avira System Speedup 1.6.3

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2014-01-15 11:18 - 00001030 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 na1r.services.adobe.com 
127.0.0.1 hlrcv.stage.adobe.com 
127.0.0.1 lmlicenses.wip4.adobe.com 
127.0.0.1 lm.licenses.adobe.com 
127.0.0.1 activate.adobe.com 
127.0.0.1 practivate.adobe.com 


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17124A12-B0AA-48B1-A119-D52F008A9584} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-22] (Google Inc.)
Task: {4677EDF6-3647-440B-979A-19464D1B3746} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {4D530DFC-C28F-4E39-ACFD-81DF8AEDCD6F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {6739EA80-646B-421C-849B-5AEB54E7C110} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-22] (Google Inc.)
Task: {696A40AB-6B0A-4DE2-BF2A-5F102001776A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {73395519-CCAB-489B-A3A9-6A8C3069907F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {7714CA0C-9069-46D8-930C-2E213DA86569} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {79388E14-7DB2-4DFC-A0A7-BD9CC33425A5} - System32\Tasks\EPSON XP-322 323 325 Series Update {A4B7AC65-10C9-43CF-B46E-D9311A9A1A5B} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNEE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {BDC2C40D-F181-4C59-85D1-907F12585642} - System32\Tasks\{0C43FB44-1C71-4D7A-A2FD-9097DCF40188} => pcalua.exe -a C:\Users\s\AppData\Local\Unity\WebPlayer\Uninstall.exe -c /CurrentUser
Task: {BEEBCE3A-45FB-41B9-BE9A-3B4B7E2132AE} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {F2DF14B4-CD1C-437E-9BEA-DF11EFB6CABD} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\EPSON XP-322 323 325 Series Update {A4B7AC65-10C9-43CF-B46E-D9311A9A1A5B}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNEE.EXE:/EXE:{A4B7AC65-10C9-43CF-B46E-D9311A9A1A5B} /F:UpdateWORKGROUP\HOME$
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-06 02:48 - 2015-01-06 02:48 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2015-03-24 11:32 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-31 16:39 - 2013-05-02 20:05 - 01185048 ____N () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-02-01 22:46 - 2013-05-15 16:13 - 07012352 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vspdfprsrv.exe
2015-04-22 09:38 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-02-05 14:32 - 2012-06-17 12:20 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\hiddriver.dll
2015-02-01 22:46 - 2013-05-15 16:13 - 01185792 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\TMSlite170.bpl
2015-02-01 22:46 - 2013-05-14 21:55 - 00089600 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vspropsaver170.bpl
2015-02-01 22:46 - 2013-05-15 16:13 - 04993024 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vspdfcore170.bpl
2015-02-01 22:46 - 2013-05-16 16:56 - 00077312 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\expertpdfcore170.bpl
2015-02-01 22:46 - 2013-05-14 21:55 - 02532864 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vsvector170.bpl
2015-02-01 22:46 - 2013-05-15 16:13 - 02787328 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\BBlite170.bpl
2015-02-01 22:46 - 2013-05-15 16:13 - 00066560 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vsprinters170.bpl
2015-02-01 22:46 - 2013-05-14 21:55 - 00065024 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vspdfprinter170.bpl
2015-02-01 22:46 - 2013-05-06 18:23 - 01948912 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\js32.dll
2015-02-01 22:46 - 2013-05-15 16:13 - 00533504 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vspdfeditor170.bpl
2015-02-01 22:46 - 2013-05-15 16:13 - 00025600 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vstrees170.bpl
2015-04-26 08:17 - 2015-04-26 08:17 - 00098816 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\win32api.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00110080 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\pywintypes27.dll
2015-04-26 08:17 - 2015-04-26 08:17 - 00364544 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\pythoncom27.dll
2015-04-26 08:17 - 2015-04-26 08:17 - 00045568 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\_socket.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 01161216 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\_ssl.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00320512 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\win32com.shell.shell.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00713216 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\_hashlib.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 01175040 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\wx._core_.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00805888 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\wx._gdi_.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00811008 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\wx._windows_.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 01062400 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\wx._controls_.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00735232 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\wx._misc_.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00682496 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\pysqlite2._sqlite.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00128512 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\_elementtree.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00127488 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\pyexpat.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00087552 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\_ctypes.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00119808 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\win32file.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00108544 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\win32security.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00007168 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\hashobjs_ext.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00167936 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\win32gui.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00018432 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\win32event.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00038912 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\win32inet.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00011264 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\win32crypt.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00070656 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\wx._html2.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00027136 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\_multiprocessing.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00020480 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\_yappi.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00035840 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\win32process.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00686080 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\unicodedata.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00122368 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\wx._wizard.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00024064 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\win32pipe.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00010240 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\select.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00025600 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\win32pdh.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00525640 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\windows._lib_cacheinvalidation.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00017408 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\win32profile.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00022528 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\win32ts.pyd
2015-04-26 08:17 - 2015-04-26 08:17 - 00078336 _____ () C:\Users\s\AppData\Local\Temp\_MEI57762\wx._animate.pyd
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-04-14 21:30 - 2015-04-13 23:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-14 21:30 - 2015-04-13 23:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2015-04-14 21:30 - 2015-04-13 23:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:4B8B0EFD8D3598FA
AlternateDataStreams: C:\Users\s\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\Control Panel\Desktop\\Wallpaper -> H:\Sonstiges\wallpaper\26426-katana-girl-1920x1080-anime-wallpaper.jpg
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> H:\Sonstiges\wallpaper\26426-katana-girl-1920x1080-anime-wallpaper.jpg
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> H:\Sonstiges\wallpaper\26426-katana-girl-1920x1080-anime-wallpaper.jpg
DNS Servers: 192.168.5.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "CodecPackUpdateChecker.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Nvtmru"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\...\StartupApproved\Run: => "CAHeadless"
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\...\StartupApproved\Run: => "SansaDispatch"
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CAHeadless"
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "SansaDispatch"
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "CAHeadless"
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "SansaDispatch"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/26/2015 08:17:20 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/25/2015 08:11:48 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/24/2015 11:31:34 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/24/2015 02:09:56 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/23/2015 08:00:30 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/23/2015 07:27:49 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/22/2015 09:28:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (04/20/2015 10:22:25 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (04/20/2015 08:40:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (04/20/2015 08:40:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.


System errors:
=============
Error: (04/25/2015 00:05:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/25/2015 00:05:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Email-Schutz" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/25/2015 00:05:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IIS-Verwaltungsdienst" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Aufführung des konfigurierten Wiederherstellungsp.

Error: (04/25/2015 00:05:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Office Software Protection Platform" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/25/2015 00:05:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/25/2015 00:05:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA GeForce Experience Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/25/2015 00:05:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/25/2015 00:05:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/25/2015 00:05:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Email-Schutz" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/25/2015 00:05:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (04/26/2015 08:17:20 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/25/2015 08:11:48 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/24/2015 11:31:34 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/24/2015 02:09:56 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/23/2015 08:00:30 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/23/2015 07:27:49 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/22/2015 09:28:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert

Error: (04/20/2015 10:22:25 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (04/20/2015 08:40:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\s\Desktop\esetsmartinstaller_deu.exe

Error: (04/20/2015 08:40:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\s\Desktop\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2015-04-26 13:26:30.575
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 13:26:30.377
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 13:26:30.148
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 13:26:29.979
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 13:26:29.793
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 13:26:29.624
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 13:26:29.440
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 13:26:29.267
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 13:26:29.091
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 13:26:28.920
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD FX(tm)-4100 Quad-Core Processor 
Percentage of memory in use: 64%
Total physical RAM: 8174.11 MB
Available physical RAM: 2934.59 MB
Total Pagefile: 10862.11 MB
Available Pagefile: 2842.75 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:24.45 GB) NTFS
Drive d: () (Fixed) (Total:119.24 GB) (Free:20.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: F59A644E)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 8DA8688E)
Partition 1: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 26.04.2015, 19:55   #4
M-K-D-B
/// TB-Ausbilder
 



You have at least one piece of illegal/cracked software on your computer:
Adobe Photoshop CS6
Adobe Photoshop Elements 11


Reading material:
Illegal software: cracks, keygens and co.

Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal.

In the event of repeated crack/keygen violations, I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.

Alt 26.04.2015, 20:22   #5
BanRi
 



Oh dear, please excuse me for not following the board rules.

I installed the software as a trial, never got the hang of it, and so never used it.
I have uninstalled both programs and deleted all the data!

Here is the new log


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2015
Ran by s (administrator) on HOME on 26-04-2015 21:18:41
Running from C:\Users\s\Desktop
Loaded Profiles: s (Available profiles: s & DefaultAppPool)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(ROCCAT GmbH Co., Ltd.) C:\Program Files (x86)\ROCCAT\Roccat Talk\Roccat Talk.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
() C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vspdfprsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [MsmqIntCert] => "C:\WINDOWS\System32\regsvr32.exe" /s "C:\WINDOWS\System32\mqrt.dll"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2013-10-25] (ROCCAT GmbH)
HKLM-x32\...\Run: [vspdfprsrv.exe] => C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vspdfprsrv.exe [7012352 2013-05-15] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\...\Run: [SansaDispatch] => C:\Users\s\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2015-01-23] (SanDisk Corporation)
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\...\MountPoints2: {89c02c83-e392-11e4-bf71-d72739493a21} - "F:\setup.exe" 
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe" -autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk [2014-01-28]
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Roccat Talk.lnk [2014-02-05]
ShortcutTarget: Roccat Talk.lnk -> C:\Windows\Installer\{605D671E-1D1E-4840-84D9-BFACE17F160D}\NewShortcut1_38373BA15BEE4DD08E16D3720C304537.exe (Flexera Software LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3594826973-1388458410-1933748121-1001 -> {0985724C-C257-4A78-B6B3-2B1B179EFC01} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{1333E452-9BD6-4ADF-9D62-07859AC12D3A}: [NameServer] 192.168.5.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\pTMlo6Wx.default
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> D:\Adobe\Adobe CS6\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin HKU\S-1-5-21-3594826973-1388458410-1933748121-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Extension: Avira Browser Safety - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\pTMlo6Wx.default\Extensions\abs@avira.com [2014-12-03]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-05-31]
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-22]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-22]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-22]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-22]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2014-05-31]
CHR Extension: (Snip-Me - Amazon-Preisalarm) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggbcajkaanddkocabpldmeomjdlgjpag [2014-05-31]
CHR Extension: (BetaFish Adblocker) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-25]
CHR Extension: (Bookmark Manager) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Pixlr Express) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2014-05-31]
CHR Extension: (Online PDF Tools) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfpnmfhodaljeelokfceepbeapgbdn [2014-05-31]
CHR Extension: (Custom Google™ Background) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\jepibmfmhopgkplegmkjgifmhabbjadg [2015-03-07]
CHR Extension: (komoot) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbgbaicglaiooophhbkpkdhpglkbhohb [2014-05-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-04]
CHR Extension: (Hangouts) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-03-07]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-22]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-22]
CHR HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [16896 2013-10-31] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-10-31] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [168448 2013-10-31] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1930608 2015-03-26] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-01-06] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-01-06] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-10-31] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-05-02] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-04-15] (Disc Soft Ltd)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-10-31] (Microsoft Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 Ser2pl; \SystemRoot\system32\DRIVERS\ser2pl64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-26 21:18 - 2015-04-26 21:19 - 00023588 _____ () C:\Users\s\Desktop\FRST.txt
2015-04-26 21:18 - 2015-04-26 21:18 - 00000000 ____D () C:\Users\s\Desktop\FRST-OlderVersion
2015-04-26 15:50 - 2015-04-26 16:27 - 00590848 _____ () C:\Users\s\Desktop\Stunden_SvenBöer.xlsx
2015-04-26 13:43 - 2015-04-26 15:50 - 00000000 ____D () C:\Users\s\Desktop\Stunden
2015-04-26 13:30 - 2015-04-26 13:30 - 00041309 _____ () C:\Users\s\Desktop\1Addition.txt
2015-04-26 13:29 - 2015-04-26 21:18 - 00000000 ____D () C:\FRST
2015-04-26 13:29 - 2015-04-26 13:39 - 00052428 _____ () C:\Users\s\Desktop\1FRST.txt
2015-04-26 13:28 - 2015-04-26 21:18 - 02101248 _____ (Farbar) C:\Users\s\Desktop\FRST64.exe
2015-04-25 12:03 - 2015-04-25 12:03 - 02224640 _____ () C:\Users\s\Desktop\adwcleaner_4.202.exe
2015-04-25 10:21 - 2015-04-24 21:25 - 316191928 _____ () C:\Users\s\Downloads\ac.720p.e14.mkv
2015-04-23 14:15 - 2015-04-22 21:28 - 304467827 _____ () C:\Users\s\Downloads\triagex.720p.e03.mkv
2015-04-23 14:15 - 2015-04-17 17:08 - 294389571 _____ () C:\Users\s\Downloads\triagex.720p.e02.mp4
2015-04-23 14:15 - 2015-04-17 16:43 - 289795797 _____ () C:\Users\s\Downloads\triagex.720p.e01.mp4
2015-04-23 13:47 - 2015-04-18 20:17 - 583081914 _____ () C:\Users\s\Downloads\plastic.1080p.e03.mkv
2015-04-23 12:06 - 2015-04-12 21:17 - 548958249 _____ () C:\Users\s\Downloads\plastic.1080p.e02.mkv
2015-04-23 11:26 - 2015-04-11 20:18 - 553148423 _____ () C:\Users\s\Downloads\plastic.1080p.e01.mkv
2015-04-22 14:53 - 2015-04-22 14:53 - 00000000 ____D () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-04-22 09:36 - 2015-03-03 15:17 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-04-22 09:34 - 2015-04-22 09:34 - 00000000 ____D () C:\Users\s\AppData\Local\AviraSpeedup
2015-04-21 18:03 - 2015-04-20 12:04 - 1589627016 _____ () C:\Users\s\Downloads\Gam.of.Thones.S05E02.Ger.Sub.72p.HDTV.x264-iND.mkv
2015-04-21 09:05 - 2015-04-13 16:11 - 1268349959 _____ () C:\Users\s\Downloads\Gam.of.Thones.S05E01.Ger.Sub.72p.HDTV.x264-iND.mkv
2015-04-20 15:43 - 2015-04-20 16:00 - 00000000 ____D () C:\Temp
2015-04-19 22:48 - 2015-04-19 22:48 - 02347384 _____ (ESET) C:\Users\s\Desktop\esetsmartinstaller_deu.exe
2015-04-19 21:57 - 2015-04-20 14:28 - 00000000 ____D () C:\Users\s\AppData\Roaming\ImgBurn
2015-04-19 21:54 - 2015-04-19 21:54 - 00001893 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2015-04-19 21:54 - 2015-04-19 21:54 - 00001881 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2015-04-19 21:54 - 2015-04-19 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2015-04-19 21:54 - 2015-04-19 21:54 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2015-04-16 21:04 - 2015-04-26 13:09 - 00000000 ____D () C:\AdwCleaner
2015-04-16 07:57 - 2015-01-06 05:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-04-16 07:57 - 2015-01-06 04:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-04-16 07:57 - 2015-01-06 03:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-04-16 07:57 - 2015-01-06 03:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-04-15 22:53 - 2015-04-20 10:35 - 00000000 ____D () C:\Program Files\RC Desk Pilot
2015-04-15 22:22 - 2015-04-15 22:24 - 00000000 ____D () C:\Users\s\AppData\Roaming\DAEMON Tools Lite
2015-04-15 22:22 - 2015-04-15 22:23 - 00030352 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2015-04-15 22:21 - 2015-04-15 22:22 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-04-15 21:21 - 2015-04-16 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flug-Model-Simulator
2015-04-15 12:16 - 2015-04-15 12:16 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 08:21 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 08:21 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 08:21 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 08:21 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 08:21 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 08:21 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 08:21 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 08:21 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 08:21 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 08:21 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 08:21 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 08:21 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 08:21 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 08:21 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 08:21 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 08:21 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 08:21 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 08:21 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 08:21 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 08:21 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 08:21 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 08:21 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 08:21 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 08:21 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 08:21 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 08:21 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 08:21 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 08:21 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 08:21 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 08:21 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 08:21 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 08:21 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 08:21 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 08:21 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 08:21 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 08:21 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 08:21 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 08:21 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 08:21 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 08:21 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 08:21 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 08:21 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 08:21 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 08:21 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 08:21 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 08:21 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 08:21 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 08:21 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 08:21 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 08:21 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 08:21 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 08:21 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 08:21 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 08:21 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 08:21 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 08:21 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 08:21 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 08:21 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 08:21 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 08:21 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 08:21 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 08:21 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 08:21 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 08:21 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 08:21 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 08:21 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 08:21 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-15 08:21 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 08:21 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-13 09:05 - 2015-04-13 09:05 - 00000295 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk
2015-04-07 00:12 - 2015-04-07 00:12 - 00000000 ____D () C:\ProgramData\MULTIFlight
2015-04-07 00:12 - 2015-04-07 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MULTIFlight
2015-04-07 00:12 - 2015-04-07 00:12 - 00000000 ____D () C:\Program Files (x86)\MULTIFlight
2015-04-04 15:03 - 2015-04-04 15:03 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-04 15:03 - 2015-04-04 15:03 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-01 19:04 - 2015-04-01 19:04 - 00018321 _____ () C:\WINDOWS\DirectX.log
2015-03-30 21:34 - 2015-03-30 21:35 - 00000000 ____D () C:\Users\s\Documents\Heroes of the Storm
2015-03-30 20:26 - 2015-04-01 12:48 - 00000000 ____D () C:\Users\s\AppData\Local\Battle.net
2015-03-30 20:26 - 2015-03-30 21:34 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-03-30 20:26 - 2015-03-30 20:27 - 00000000 ____D () C:\Users\s\AppData\Roaming\Battle.net
2015-03-30 20:26 - 2015-03-30 20:26 - 00000000 ____D () C:\Users\s\AppData\Local\Blizzard Entertainment
2015-03-30 20:24 - 2015-03-30 20:24 - 00000000 ____D () C:\ProgramData\Battle.net
2015-03-29 15:45 - 2015-03-29 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\u-blox
2015-03-29 15:45 - 2015-03-29 15:45 - 00000000 ____D () C:\Program Files (x86)\u-blox
2015-03-27 12:18 - 2015-04-26 21:05 - 00037770 _____ () C:\WINDOWS\DPINST.LOG
2015-03-27 12:18 - 2015-03-27 12:18 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk
2015-03-27 12:18 - 2015-03-27 12:18 - 00001007 _____ () C:\Users\Public\Desktop\Arduino.lnk
2015-03-27 12:18 - 2015-03-27 12:18 - 00000000 ____D () C:\Users\s\Documents\Arduino
2015-03-27 12:18 - 2015-03-27 12:18 - 00000000 ____D () C:\Users\s\AppData\Roaming\Arduino15
2015-03-27 12:18 - 2015-03-27 12:18 - 00000000 ____D () C:\Users\s\.jssc
2015-03-27 12:17 - 2015-03-27 12:18 - 00000000 ____D () C:\Program Files (x86)\Arduino
2015-03-27 10:46 - 2015-03-27 10:46 - 00000000 ____D () C:\Users\s\AppData\Roaming\NVIDIA
2015-03-27 10:28 - 2015-04-26 21:09 - 00007862 _____ () C:\WINDOWS\setupact.log
2015-03-27 10:28 - 2015-04-19 22:31 - 00219646 _____ () C:\WINDOWS\PFRO.log
2015-03-27 10:28 - 2015-03-27 10:28 - 00000000 _____ () C:\WINDOWS\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-26 21:15 - 2013-09-30 06:14 - 01871602 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-26 21:15 - 2013-09-30 05:56 - 00804408 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-26 21:15 - 2013-09-30 05:56 - 00170296 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-26 21:14 - 2013-10-21 17:16 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3594826973-1388458410-1933748121-1001
2015-04-26 21:11 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2015-04-26 21:10 - 2014-05-06 00:40 - 01712385 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-26 21:10 - 2014-01-27 21:35 - 00000000 ___RD () C:\Users\s\Downloads\GoogleDrive
2015-04-26 21:10 - 2013-10-21 19:43 - 00000000 __RDO () C:\Users\s\SkyDrive
2015-04-26 21:09 - 2015-03-24 11:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-26 21:09 - 2015-01-02 23:28 - 05062712 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-26 21:09 - 2014-01-16 19:14 - 00000284 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2015-04-26 21:09 - 2013-10-22 11:40 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-26 21:09 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-26 21:08 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-26 21:03 - 2014-02-04 20:53 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-04-26 21:03 - 2013-10-24 10:16 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-26 21:03 - 2013-10-24 10:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-26 21:03 - 2013-10-21 17:02 - 00000000 ____D () C:\Users\s\AppData\Roaming\Adobe
2015-04-26 21:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-26 20:55 - 2015-03-24 17:55 - 00000929 _____ () C:\WINDOWS\Tasks\EPSON XP-322 323 325 Series Update {A4B7AC65-10C9-43CF-B46E-D9311A9A1A5B}.job
2015-04-26 20:29 - 2013-10-22 11:40 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-26 13:55 - 2011-10-23 22:42 - 00000000 ____D () C:\Users\s\Downloads\02_Musik
2015-04-26 13:43 - 2013-03-03 08:40 - 00000000 ____D () C:\Users\s\Downloads\07_JDownloader
2015-04-26 13:42 - 2013-01-22 20:03 - 00000000 ____D () C:\Users\s\Downloads\03_Software
2015-04-26 12:54 - 2015-01-02 23:12 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-26 12:27 - 2012-08-21 21:20 - 00000000 ____D () C:\Users\s\Downloads\05_Arbeit
2015-04-26 08:40 - 2015-03-04 17:58 - 00000000 ____D () C:\Program Files (x86)\Mission Planner
2015-04-25 18:36 - 2015-03-01 22:02 - 00000000 ____D () C:\Users\s\apmplanner2
2015-04-22 18:38 - 2014-04-27 07:43 - 00000000 ____D () C:\Users\DefaultAppPool
2015-04-22 14:53 - 2013-10-31 15:17 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2015-04-22 09:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-22 09:32 - 2013-10-24 10:16 - 00000000 ____D () C:\Users\s\AppData\Local\Adobe
2015-04-19 20:01 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-17 07:23 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-16 22:36 - 2013-10-22 12:06 - 00000000 ____D () C:\Users\s\AppData\Roaming\vlc
2015-04-16 21:05 - 2013-12-01 18:16 - 00000000 ____D () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-16 21:05 - 2013-10-22 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-16 21:05 - 2013-10-21 19:42 - 00000999 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-16 13:04 - 2013-10-21 19:35 - 00000000 ____D () C:\Users\s
2015-04-16 12:29 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-16 08:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-16 07:55 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Cursors
2015-04-15 22:19 - 2014-11-10 18:46 - 00000041 ___SH () C:\ProgramData\.zreglib
2015-04-15 12:16 - 2014-12-03 09:44 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-15 09:59 - 2014-01-16 19:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 09:59 - 2013-10-21 17:49 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 09:55 - 2013-10-21 17:49 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 01:24 - 2013-08-22 17:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-12 13:33 - 2014-02-05 14:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-10 07:23 - 2014-05-23 08:14 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-10 07:23 - 2013-10-21 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-10 07:23 - 2013-10-21 17:14 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-07 10:01 - 2015-03-01 22:02 - 00000000 ____D () C:\Users\s\mapscache
2015-04-01 23:49 - 2014-12-31 19:56 - 00000000 ____D () C:\ProgramData\Origin
2015-03-29 15:32 - 2015-03-04 23:38 - 00000149 _____ () C:\Users\s\Documents\diagnostic.ubx
2015-03-29 12:29 - 2015-03-24 17:54 - 00000000 ____D () C:\ProgramData\EPSON
2015-03-28 11:11 - 2014-05-02 13:37 - 00000000 ____D () C:\Users\s\AppData\Roaming\PhotoScape
2015-03-28 05:44 - 2014-07-29 18:37 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-03-28 05:44 - 2013-11-09 00:46 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-03-28 05:43 - 2014-07-29 18:37 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-03-28 05:43 - 2013-11-09 00:46 - 01570672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll

==================== Files in the root of some directories =======

2015-01-13 01:04 - 2015-01-13 22:55 - 0000600 _____ () C:\Users\s\AppData\Roaming\winscp.rnd
2014-10-01 20:15 - 2014-10-01 20:15 - 0004096 ____H () C:\Users\s\AppData\Local\keyfile3.drm
2015-01-13 01:00 - 2015-03-12 13:53 - 0000600 _____ () C:\Users\s\AppData\Local\PUTTY.RND
2014-06-13 16:47 - 2015-03-25 08:22 - 0007597 _____ () C:\Users\s\AppData\Local\Resmon.ResmonCfg
2014-11-10 18:46 - 2015-04-15 22:19 - 0000041 ___SH () C:\ProgramData\.zreglib
1999-07-07 02:00 - 1999-07-07 02:00 - 0000006 __RSH () C:\ProgramData\DE280AC2-0786-4476-96E5-D6E6370396FE

Some content of TEMP:
====================
C:\Users\s\AppData\Local\Temp\avgnt.exe
C:\Users\s\AppData\Local\Temp\i4jdel0.exe
C:\Users\s\AppData\Local\Temp\proxy_vole6848895154067636924.dll
C:\Users\s\AppData\Local\Temp\readSTILog.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-23 09:59

==================== End Of Log ============================
         
--- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-04-2015
Ran by s at 2015-04-26 21:19:27
Running from C:\Users\s\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3594826973-1388458410-1933748121-500 - Administrator - Disabled)
Gast (S-1-5-21-3594826973-1388458410-1933748121-501 - Limited - Disabled)
s (S-1-5-21-3594826973-1388458410-1933748121-1001 - Administrator - Enabled) => C:\Users\s

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.1 - Arduino LLC)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
DNDownloader version 1.2 (HKLM-x32\...\DNDownloader_is1) (Version: 1.2 - )
Druckerdeinstallation für EPSON XP-322 323 325 Series (HKLM\...\EPSON XP-322 323 325 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EXPERTool v8.9 (HKLM-x32\...\{551D9481-9487-4D0C-9A1D-6BC3E7B6D991}_is1) (Version: 8.9.7.3 - Gainward Co. Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Player Codec Pack 4.3.0 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.3.0 - Media Player Codec Pack)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mission Planner (HKLM-x32\...\{2C6E91C8-8B1B-479F-9BBD-545AF60F09E0}) (Version: 1.3.19 - Michael Oborne)
MULTIFlight (HKLM-x32\...\MULTIFlight) (Version:  - Multiplex Modellsport GmbH & Co.KG)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version:  - CyberConnect 2)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice 4.1.1 Language Pack (German) (HKLM-x32\...\{68AF7AB8-E018-40D9-B703-0129274FDBAE}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
PDF Experte 9 Ultimate (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version:  - )
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version:  - Roccat GmbH)
Roccat Talk (HKLM-x32\...\{605D671E-1D1E-4840-84D9-BFACE17F160D}) (Version: 1.00.0002 - Roccat GmbH)
Sansa Updater (HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.24.112 - Akademische Arbeitsgemeinschaft)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.10.1 - Electronic Arts)
u-center (HKLM-x32\...\{A385DF8C-7E17-4C6C-998F-96FDC10BCE96}) (Version: 7.0.2.1 - u-blox)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.6b5 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows-Treiberpaket - 3D Robotics (usbser) Ports  (01/01/2015 2.0.0.9) (HKLM\...\75690F2C86F7BE1E9F51D6D0CC84D4D7C203E6B5) (Version: 01/01/2015 2.0.0.9 - 3D Robotics)
Windows-Treiberpaket - 3D Robotics (usbser) Ports  (01/01/2015 2.0.0.9) (HKLM\...\E5BE0983C0C60432B42B39114C40C1931CE1AE00) (Version: 01/01/2015 2.0.0.9 - 3D Robotics)
Windows-Treiberpaket - Arduino LLC (www.arduino.cc) (usbser) Ports  (01/01/2015 2.0.0.9) (HKLM\...\86FE9521DE7ABE24A00FABF1A36DFEA326A2B95B) (Version: 01/01/2015 2.0.0.9 - Arduino LLC (www.arduino.cc))
Windows-Treiberpaket - u-blox AG (ubloxusb) Ports  (05/09/2012 1.2.0.6) (HKLM\...\7DCB6F90653EABCA4FDB3A94511F5371C9D34C51) (Version: 05/09/2012 1.2.0.6 - u-blox AG)
Windows-Treiberpaket - u-blox AG (ubloxusb) Ports  (07/03/2013 1.2.0.8) (HKLM\...\FD26D50F08971338088D01BEDED393EC9F9C4FA7) (Version: 07/03/2013 1.2.0.8 - u-blox AG)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3594826973-1388458410-1933748121-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

==================== Restore Points  =========================

22-04-2015 09:28:43 Avira System Speedup 1.6.3
26-04-2015 20:59:08 Removed Adobe Photoshop Elements 11.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2014-01-15 11:18 - 00001030 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 na1r.services.adobe.com 
127.0.0.1 hlrcv.stage.adobe.com 
127.0.0.1 lmlicenses.wip4.adobe.com 
127.0.0.1 lm.licenses.adobe.com 
127.0.0.1 activate.adobe.com 
127.0.0.1 practivate.adobe.com 


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17124A12-B0AA-48B1-A119-D52F008A9584} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-22] (Google Inc.)
Task: {3D10BDA8-3416-4CB8-85DD-36B1E1AAE8E1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {4677EDF6-3647-440B-979A-19464D1B3746} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {4D530DFC-C28F-4E39-ACFD-81DF8AEDCD6F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {6739EA80-646B-421C-849B-5AEB54E7C110} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-22] (Google Inc.)
Task: {73395519-CCAB-489B-A3A9-6A8C3069907F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {7714CA0C-9069-46D8-930C-2E213DA86569} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {79388E14-7DB2-4DFC-A0A7-BD9CC33425A5} - System32\Tasks\EPSON XP-322 323 325 Series Update {A4B7AC65-10C9-43CF-B46E-D9311A9A1A5B} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNEE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {BDC2C40D-F181-4C59-85D1-907F12585642} - System32\Tasks\{0C43FB44-1C71-4D7A-A2FD-9097DCF40188} => pcalua.exe -a C:\Users\s\AppData\Local\Unity\WebPlayer\Uninstall.exe -c /CurrentUser
Task: {BEEBCE3A-45FB-41B9-BE9A-3B4B7E2132AE} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {F2DF14B4-CD1C-437E-9BEA-DF11EFB6CABD} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\EPSON XP-322 323 325 Series Update {A4B7AC65-10C9-43CF-B46E-D9311A9A1A5B}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNEE.EXE:/EXE:{A4B7AC65-10C9-43CF-B46E-D9311A9A1A5B} /F:UpdateWORKGROUP\HOME$
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-24 11:32 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-06 02:48 - 2015-01-06 02:48 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2014-12-31 16:39 - 2013-05-02 20:05 - 01185048 ____N () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-02-01 22:46 - 2013-05-15 16:13 - 07012352 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vspdfprsrv.exe
2015-04-22 09:38 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-04-26 21:09 - 2015-04-26 21:09 - 00098816 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\win32api.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00110080 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\pywintypes27.dll
2015-04-26 21:09 - 2015-04-26 21:09 - 00364544 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\pythoncom27.dll
2015-04-26 21:09 - 2015-04-26 21:09 - 00045568 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\_socket.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 01161216 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\_ssl.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00320512 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\win32com.shell.shell.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00713216 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\_hashlib.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 01175040 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\wx._core_.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00805888 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\wx._gdi_.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00811008 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\wx._windows_.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 01062400 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\wx._controls_.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00735232 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\wx._misc_.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00682496 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\pysqlite2._sqlite.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00128512 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\_elementtree.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00127488 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\pyexpat.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00087552 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\_ctypes.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00119808 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\win32file.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00108544 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\win32security.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00007168 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\hashobjs_ext.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00167936 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\win32gui.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00018432 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\win32event.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00038912 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\win32inet.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00011264 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\win32crypt.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00070656 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\wx._html2.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00027136 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\_multiprocessing.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00020480 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\_yappi.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00035840 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\win32process.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00686080 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\unicodedata.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00122368 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\wx._wizard.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00024064 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\win32pipe.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00010240 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\select.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00025600 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\win32pdh.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00525640 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\windows._lib_cacheinvalidation.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00017408 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\win32profile.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00022528 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\win32ts.pyd
2015-04-26 21:09 - 2015-04-26 21:09 - 00078336 _____ () C:\Users\s\AppData\Local\Temp\_MEI13522\wx._animate.pyd
2014-02-05 14:32 - 2012-06-17 12:20 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\hiddriver.dll
2015-02-01 22:46 - 2013-05-15 16:13 - 01185792 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\TMSlite170.bpl
2015-02-01 22:46 - 2013-05-14 21:55 - 00089600 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vspropsaver170.bpl
2015-02-01 22:46 - 2013-05-15 16:13 - 04993024 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vspdfcore170.bpl
2015-02-01 22:46 - 2013-05-16 16:56 - 00077312 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\expertpdfcore170.bpl
2015-02-01 22:46 - 2013-05-14 21:55 - 02532864 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vsvector170.bpl
2015-02-01 22:46 - 2013-05-15 16:13 - 02787328 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\BBlite170.bpl
2015-02-01 22:46 - 2013-05-15 16:13 - 00066560 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vsprinters170.bpl
2015-02-01 22:46 - 2013-05-14 21:55 - 00065024 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vspdfprinter170.bpl
2015-02-01 22:46 - 2013-05-06 18:23 - 01948912 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\js32.dll
2015-02-01 22:46 - 2013-05-15 16:13 - 00533504 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vspdfeditor170.bpl
2015-02-01 22:46 - 2013-05-15 16:13 - 00025600 _____ () C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vstrees170.bpl
2015-04-14 21:30 - 2015-04-13 23:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-14 21:30 - 2015-04-13 23:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2015-04-14 21:30 - 2015-04-13 23:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:4B8B0EFD8D3598FA
AlternateDataStreams: C:\Users\s\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\Control Panel\Desktop\\Wallpaper -> H:\Sonstiges\wallpaper\26426-katana-girl-1920x1080-anime-wallpaper.jpg
DNS Servers: 192.168.5.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "CodecPackUpdateChecker.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Nvtmru"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\...\StartupApproved\Run: => "CAHeadless"
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\...\StartupApproved\Run: => "SansaDispatch"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC] => (Allow) %systemroot%\system32\wininit.exe
FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper] => (Allow) %systemroot%\system32\wininit.exe
FirewallRules: [ProximityUxHost-Sharing-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [ProximityUxHost-Sharing-Out-TCP-NoScope] => (Allow) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [NETDIS-DAS-In-UDP-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [NETDIS-DAS-In-UDP] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [EventForwarder-In-TCP] => (Allow) %SystemRoot%\system32\NetEvtFwdr.exe
FirewallRules: [TPMVSCMGR-Server-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-Out-TCP-NoScope] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-In-TCP] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-Out-TCP] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [PlayTo-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [WFDPRINT-DAFWSD-In-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [WFDPRINT-DAFWSD-Out-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [RemoteDesktop-Shadow-In-TCP] => (Allow) %SystemRoot%\system32\RdpSa.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{B045B430-A659-433A-98D9-6CC034C6C2AF}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{3B8BEFF2-8667-4898-A117-AD21DB5486EB}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{9475951F-6B56-454F-9F27-C28B09ECF92C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{BE5501F9-1F33-44EA-B70E-FFE4CCC00779}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{FE906EFC-8C26-4DBD-B458-C2A404182FB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A00390CC-6A8E-4DBD-9586-16FCA1C92D1F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [TCP Query User{FCC13315-E993-4372-93CE-C66BE0E155B5}C:\program files (x86)\jdownloader\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\jdownloader\jre\bin\javaw.exe
FirewallRules: [UDP Query User{F22525E6-F9D3-4D19-A3AE-98DAC076A78B}C:\program files (x86)\jdownloader\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\jdownloader\jre\bin\javaw.exe
FirewallRules: [{CE15A5DB-C75F-4F69-851A-CF4313A715D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D4CBE62C-26EA-4985-BC83-E6BDCD3D659C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8425F546-9E82-40FA-A46C-1C81AEE1E06A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4F7C391F-AAC3-4CCC-B3F4-6D9FCD37DB4B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F1EF356C-E593-4CB8-BB49-ED5F0A6C7547}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3150D9DB-25A9-4F72-8A5F-4287D83DD4CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{219F0F56-4842-48EA-A6A6-B59A23FC014D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B0309D70-ED48-43E9-A981-A4A3166174CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{58AC6098-40CE-450A-8556-B1F6AE10C78B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FB82FC6C-F878-4168-86E8-48775B86E7AC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{62FFDA57-DA2A-420D-A3CA-E12CEB56AF07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F91BDABD-62FF-4FD3-AC64-F6567CACBD24}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B66E6BDE-DD60-4DBB-8CF7-6B472AAB3D56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{414090EE-DB88-41D1-8A00-160C0B81F07F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{65D8C19D-106A-49B5-B107-93CC6C7F04F5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2DA585E8-DF67-4E52-A36C-CA67FA067F64}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{087816C0-E2AA-4A58-9154-AC8E8667F7C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D250874E-FBB4-403D-B833-C231F691B500}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{AD0806C8-AB04-4E4E-BA2A-32CBF135CAD6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8778653C-194A-4CF4-A586-8C37222149EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EE8432AD-EE73-4F3A-8726-4806EEEC7FCC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{5CB598E9-2DED-406C-A806-053784E4C321}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [TCP Query User{B7695911-64A6-4CA9-BE50-3788F4F21497}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{F1E06132-40C1-43EA-A376-B46162A54AF3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{61A243B1-25FB-4F26-A266-0A8898432A99}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{A2B98E58-B73C-4762-81CC-CD19119D6BDC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [TCP Query User{94B681B3-9815-4DF6-9F66-9B05B51A5B46}E:\easysetupassistant\tl-wdr3600\easysetupassistant.exe] => (Allow) E:\easysetupassistant\tl-wdr3600\easysetupassistant.exe
FirewallRules: [UDP Query User{AD2F893E-67DD-445F-90D1-7725C6AD1D81}E:\easysetupassistant\tl-wdr3600\easysetupassistant.exe] => (Allow) E:\easysetupassistant\tl-wdr3600\easysetupassistant.exe
FirewallRules: [{CBBCF43D-4FCE-4203-87A6-567A199C2AAE}] => (Allow) D:\Steam\SteamApps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe
FirewallRules: [{7BB1AA7E-F5F2-444D-890D-C1FB1BAD3790}] => (Allow) D:\Steam\SteamApps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe
FirewallRules: [TCP Query User{ECFB131C-F0EA-4FEA-B953-3734F3C809EB}D:\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe] => (Allow) D:\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe
FirewallRules: [UDP Query User{67C2BD29-3E03-4CD4-BE0B-54B932B4FF5C}D:\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe] => (Allow) D:\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe
FirewallRules: [{CD198907-58AC-4EF5-90F7-EA0DDF89F035}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{53820AF7-5667-4A6E-B00D-5EBB38D6B5D0}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{E6D9C79A-D956-4F9E-B83C-927661DF1CC5}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{9460BDE8-95B7-4A64-B7DB-3D9CBBB79D15}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{18D2BEDE-3596-4084-BBFA-29DCC4C26DC8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DEBAE4EA-66BD-421D-B257-00AAC9FCFF23}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{32ECDE8C-8479-467F-9730-6272B812A3B8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D036600F-B726-4B20-94AA-6DE28C2253A6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{C5CFE0A3-69ED-4E1D-B4AE-19283EE55B9B}H:\sonstiges\portable mal updater 2\malupdaterportable.exe] => (Allow) H:\sonstiges\portable mal updater 2\malupdaterportable.exe
FirewallRules: [UDP Query User{A2CBA3C1-C54E-49D8-971A-47CD3855CE8A}H:\sonstiges\portable mal updater 2\malupdaterportable.exe] => (Allow) H:\sonstiges\portable mal updater 2\malupdaterportable.exe
FirewallRules: [TCP Query User{E6411B6C-26D6-4F89-85C5-3F2F82886EFC}C:\program files (x86)\apmplanner2\apmplanner2.exe] => (Allow) C:\program files (x86)\apmplanner2\apmplanner2.exe
FirewallRules: [UDP Query User{6ACC6F20-A0B7-434C-8CFB-7359977C4E50}C:\program files (x86)\apmplanner2\apmplanner2.exe] => (Allow) C:\program files (x86)\apmplanner2\apmplanner2.exe
FirewallRules: [TCP Query User{2B52317E-E25D-4125-8121-49E572996F87}C:\program files (x86)\apmplanner2\apmplanner2.exe] => (Allow) C:\program files (x86)\apmplanner2\apmplanner2.exe
FirewallRules: [UDP Query User{D808E643-D367-4E0E-B323-6128B83B248E}C:\program files (x86)\apmplanner2\apmplanner2.exe] => (Allow) C:\program files (x86)\apmplanner2\apmplanner2.exe
FirewallRules: [TCP Query User{DE3EC9A0-0A84-4467-B9CE-58695302A8F8}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe
FirewallRules: [UDP Query User{C593EC15-2E8A-44F7-9B67-3BA30AEA702B}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe
FirewallRules: [TCP Query User{5C364D75-BE0F-4F79-9E96-E7387C18AD03}C:\program files (x86)\jdownloader\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\jdownloader\jre\bin\javaw.exe
FirewallRules: [UDP Query User{AEEB0CCD-9338-4923-A198-3901B574EDB5}C:\program files (x86)\jdownloader\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\jdownloader\jre\bin\javaw.exe
FirewallRules: [TCP Query User{83AA44E7-72A9-45F1-A23E-24078078B1EC}D:\program files (x86)\origin games\battlefield bad company 2\bfbc2game.exe] => (Allow) D:\program files (x86)\origin games\battlefield bad company 2\bfbc2game.exe
FirewallRules: [UDP Query User{6F7ED111-7BC0-46FB-A661-BB4DC39B1B6C}D:\program files (x86)\origin games\battlefield bad company 2\bfbc2game.exe] => (Allow) D:\program files (x86)\origin games\battlefield bad company 2\bfbc2game.exe
FirewallRules: [TCP Query User{1C49BBF5-A996-4249-A9B1-AA0841C67469}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{8F0202A6-0D20-46DE-8016-A8737BC5A908}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{B2525E85-C45A-4F40-BA80-F20070006670}] => (Allow) C:\Users\s\AppData\Local\Temp\WZSE0.TMP\FWE559TL\EPFWUPD.exe
FirewallRules: [{BC4D1824-6C0C-4ED6-9CCD-96C22EE4AAED}] => (Allow) C:\Users\s\AppData\Local\Temp\WZSE0.TMP\FWE559TL\EPFWUPD.exe
FirewallRules: [{47577A29-E74D-4D78-AE94-844AE7371D77}] => (Allow) D:\Battle.net\Battle.net.exe
FirewallRules: [{0A643A14-D352-43E7-AA3E-E353DDEA0137}] => (Allow) D:\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{49ED702F-691F-4504-9ADF-102F7879ED21}D:\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A2364591-25C4-4E29-8984-F7C1C4475072}D:\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [{501CF256-1365-4520-82BE-B13593B1F9F7}] => (Allow) D:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{955B7372-F570-4F3D-84D6-433AAC91C3B0}] => (Allow) D:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{C1B5F2A6-9E36-45BB-B74B-14BE9753988E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/26/2015 08:59:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (04/26/2015 08:17:20 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/25/2015 08:11:48 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/24/2015 11:31:34 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/24/2015 02:09:56 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/23/2015 08:00:30 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/23/2015 07:27:49 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/22/2015 09:28:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (04/20/2015 10:22:25 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (04/20/2015 08:40:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.


System errors:
=============
Error: (04/26/2015 09:08:46 PM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (04/26/2015 09:08:46 PM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (04/25/2015 00:05:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/25/2015 00:05:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Email-Schutz" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/25/2015 00:05:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IIS-Verwaltungsdienst" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Aufführung des konfigurierten Wiederherstellungsp.

Error: (04/25/2015 00:05:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Office Software Protection Platform" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/25/2015 00:05:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/25/2015 00:05:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA GeForce Experience Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/25/2015 00:05:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/25/2015 00:05:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (04/26/2015 08:59:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert

Error: (04/26/2015 08:17:20 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/25/2015 08:11:48 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/24/2015 11:31:34 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/24/2015 02:09:56 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/23/2015 08:00:30 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/23/2015 07:27:49 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/22/2015 09:28:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert

Error: (04/20/2015 10:22:25 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (04/20/2015 08:40:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\s\Desktop\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2015-04-26 18:57:33.677
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 18:57:33.499
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 18:57:33.322
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 18:57:33.147
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 18:57:32.975
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 18:57:32.806
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 18:57:32.633
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 18:57:32.462
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 18:57:32.266
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 18:57:32.096
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD FX(tm)-4100 Quad-Core Processor 
Percentage of memory in use: 46%
Total physical RAM: 8174.11 MB
Available physical RAM: 4359.57 MB
Total Pagefile: 10862.11 MB
Available Pagefile: 5066.75 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:31.7 GB) NTFS
Drive d: () (Fixed) (Total:119.24 GB) (Free:21.75 GB) NTFS
Drive h: (Anime´s & Filme) (Fixed) (Total:931.51 GB) (Free:182.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: F59A644E)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 8DA8688E)
Partition 1: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: C0F0026E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---


27.04.2015, 13:46   #6
M-K-D-B
/// TB Instructor
 



Hello,


so, apart from the AdwCleaner detections, are there any problems with the computer?

The two detections are false alarms (false positives); I have already forwarded them to the developer.

As a check, please also run the following:






Step 1
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.







Step 2

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.







Step 3
  • Start FRST.exe again. Tick the box next to Addition.txt and press Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.






In your next reply, please post
  • the MBAM log file,
  • the JRT log file,
  • the two new FRST log files.

27.04.2015, 14:33   #7
BanRi
 



Hello,

I don't have any direct problems with the computer.
As background: I apparently downloaded a freeware RC flight simulator program from a (dubious) third-party site.
During installation Avira kicked in right away and I cancelled the process immediately.
However, 2 search engines had already been installed in Chrome by then; when opening a new tab I then got the error message that the page is being blocked.
I then removed the search engines under "Settings" in Chrome, which solved the tab problem.

However, under "Settings" in Chrome I am still shown this message




Here are the requested logs,
MBAM found 1 object

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 27.04.2015
Suchlauf-Zeit: 14:56:26
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.04.27.02
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: s

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 452637
Verstrichene Zeit: 9 Min, 51 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0985724C-C257-4A78-B6B3-2B1B179EFC01}|URL, hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}, In Quarantäne, [f19d353c4149de5882dd6b5cf90a9070]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.5 (04.27.2015:1)
OS: Windows 8.1 Pro x64
Ran by s on 27.04.2015 at 15:13:36,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3594826973-1388458410-1933748121-1001



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\WINDOWS\wininit.ini



~~~ Folders

Successfully deleted: [Folder] C:\WINDOWS\syswow64\ai_recyclebin





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.04.2015 at 15:15:41,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---



FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015
Ran by s (administrator) on HOME on 27-04-2015 15:17:01
Running from C:\Users\s\Desktop
Loaded Profiles: s &  (Available profiles: s & DefaultAppPool)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [MsmqIntCert] => "C:\WINDOWS\System32\regsvr32.exe" /s "C:\WINDOWS\System32\mqrt.dll"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2013-10-25] (ROCCAT GmbH)
HKLM-x32\...\Run: [vspdfprsrv.exe] => C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vspdfprsrv.exe [7012352 2013-05-15] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe" -autorun
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\...\Run: [SansaDispatch] => C:\Users\s\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2015-01-23] (SanDisk Corporation)
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\...\MountPoints2: {89c02c83-e392-11e4-bf71-d72739493a21} - "F:\setup.exe" 
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SansaDispatch] => C:\Users\s\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2015-01-23] (SanDisk Corporation)
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINEE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {89c02c83-e392-11e4-bf71-d72739493a21} - "F:\setup.exe" 
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe" -autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk [2014-01-28]
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Roccat Talk.lnk [2014-02-05]
ShortcutTarget: Roccat Talk.lnk -> C:\Windows\Installer\{605D671E-1D1E-4840-84D9-BFACE17F160D}\NewShortcut1_38373BA15BEE4DD08E16D3720C304537.exe (Flexera Software LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
URLSearchHook: [S-1-5-21-3594826973-1388458410-1933748121-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-3594826973-1388458410-1933748121-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-3594826973-1388458410-1933748121-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3594826973-1388458410-1933748121-1001 -> {0985724C-C257-4A78-B6B3-2B1B179EFC01} URL = 
SearchScopes: HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0985724C-C257-4A78-B6B3-2B1B179EFC01} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{1333E452-9BD6-4ADF-9D62-07859AC12D3A}: [NameServer] 192.168.5.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\pTMlo6Wx.default
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> D:\Adobe\Adobe CS6\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin HKU\S-1-5-21-3594826973-1388458410-1933748121-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Extension: Avira Browser Safety - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\pTMlo6Wx.default\Extensions\abs@avira.com [2014-12-03]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-05-31]
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-22]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-22]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-22]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-22]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2014-05-31]
CHR Extension: (Snip-Me - Amazon-Preisalarm) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggbcajkaanddkocabpldmeomjdlgjpag [2014-05-31]
CHR Extension: (BetaFish Adblocker) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-25]
CHR Extension: (Bookmark Manager) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Pixlr Express) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2014-05-31]
CHR Extension: (Online PDF Tools) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfpnmfhodaljeelokfceepbeapgbdn [2014-05-31]
CHR Extension: (Custom Google™ Background) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\jepibmfmhopgkplegmkjgifmhabbjadg [2015-03-07]
CHR Extension: (komoot) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbgbaicglaiooophhbkpkdhpglkbhohb [2014-05-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-04]
CHR Extension: (Hangouts) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-03-07]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-22]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-22]
CHR HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [16896 2013-10-31] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-10-31] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [168448 2013-10-31] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1930608 2015-03-26] (Electronic Arts)
S2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-01-06] ()
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-01-06] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-10-31] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-05-02] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-04-15] (Disc Soft Ltd)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-27] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-10-31] (Microsoft Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 Ser2pl; \SystemRoot\system32\DRIVERS\ser2pl64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 15:16 - 2015-04-27 15:16 - 00000000 ____D () C:\Users\s\Desktop\FRST-OlderVersion
2015-04-27 15:15 - 2015-04-27 15:15 - 00000849 _____ () C:\Users\s\Desktop\JRT.txt
2015-04-27 15:13 - 2015-04-27 15:13 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-HOME-Windows-8.1-Pro-(64-bit).dat
2015-04-27 15:13 - 2015-04-27 15:13 - 00000000 ____D () C:\RegBackup
2015-04-27 15:12 - 2015-04-27 15:12 - 02715845 _____ (Thisisu) C:\Users\s\Desktop\JRT.exe
2015-04-27 15:10 - 2015-04-27 15:10 - 00001473 _____ () C:\Users\s\Desktop\mbam.txt
2015-04-27 14:55 - 2015-04-27 14:55 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-27 14:55 - 2015-04-27 14:55 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-27 14:55 - 2015-04-27 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-27 14:55 - 2015-04-27 14:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-27 14:55 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-27 14:55 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-27 14:55 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-27 14:53 - 2015-04-27 14:53 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\s\Desktop\mbam-setup-2.1.6.1022.exe
2015-04-27 13:37 - 2015-04-27 10:15 - 1132447871 _____ () C:\Users\s\Downloads\Gam.of.Thones.S05E03.Ger.Sub.72p.HDTV.x264-iND.mkv
2015-04-27 13:32 - 2015-04-27 13:34 - 280819260 _____ () C:\Users\s\Downloads\plastic.1080p.e04.part1.rar
2015-04-27 13:32 - 2015-04-27 13:33 - 252804296 _____ () C:\Users\s\Downloads\plastic.1080p.e04.part2.rar
2015-04-27 10:44 - 2015-04-27 10:44 - 00000000 ____D () C:\Users\s\Desktop\nexus
2015-04-26 21:19 - 2015-04-26 21:20 - 00050973 _____ () C:\Users\s\Desktop\Addition.txt
2015-04-26 21:18 - 2015-04-27 15:17 - 00024756 _____ () C:\Users\s\Desktop\FRST.txt
2015-04-26 15:50 - 2015-04-26 16:27 - 00590848 _____ () C:\Users\s\Desktop\Stunden_SvenBöer.xlsx
2015-04-26 13:43 - 2015-04-26 15:50 - 00000000 ____D () C:\Users\s\Desktop\Stunden
2015-04-26 13:29 - 2015-04-27 15:17 - 00000000 ____D () C:\FRST
2015-04-26 13:28 - 2015-04-27 15:16 - 02100736 _____ (Farbar) C:\Users\s\Desktop\FRST64.exe
2015-04-25 12:03 - 2015-04-25 12:03 - 02224640 _____ () C:\Users\s\Desktop\adwcleaner_4.202.exe
2015-04-25 10:21 - 2015-04-24 21:25 - 316191928 _____ () C:\Users\s\Downloads\ac.720p.e14.mkv
2015-04-23 14:15 - 2015-04-22 21:28 - 304467827 _____ () C:\Users\s\Downloads\triagex.720p.e03.mkv
2015-04-23 14:15 - 2015-04-17 17:08 - 294389571 _____ () C:\Users\s\Downloads\triagex.720p.e02.mp4
2015-04-23 14:15 - 2015-04-17 16:43 - 289795797 _____ () C:\Users\s\Downloads\triagex.720p.e01.mp4
2015-04-23 13:47 - 2015-04-18 20:17 - 583081914 _____ () C:\Users\s\Downloads\plastic.1080p.e03.mkv
2015-04-23 12:06 - 2015-04-12 21:17 - 548958249 _____ () C:\Users\s\Downloads\plastic.1080p.e02.mkv
2015-04-23 11:26 - 2015-04-11 20:18 - 553148423 _____ () C:\Users\s\Downloads\plastic.1080p.e01.mkv
2015-04-22 14:53 - 2015-04-22 14:53 - 00000000 ____D () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-04-22 09:36 - 2015-03-03 15:17 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-04-22 09:34 - 2015-04-22 09:34 - 00000000 ____D () C:\Users\s\AppData\Local\AviraSpeedup
2015-04-21 18:03 - 2015-04-20 12:04 - 1589627016 _____ () C:\Users\s\Downloads\Gam.of.Thones.S05E02.Ger.Sub.72p.HDTV.x264-iND.mkv
2015-04-21 09:05 - 2015-04-13 16:11 - 1268349959 _____ () C:\Users\s\Downloads\Gam.of.Thones.S05E01.Ger.Sub.72p.HDTV.x264-iND.mkv
2015-04-20 15:43 - 2015-04-20 16:00 - 00000000 ____D () C:\Temp
2015-04-19 22:48 - 2015-04-19 22:48 - 02347384 _____ (ESET) C:\Users\s\Desktop\esetsmartinstaller_deu.exe
2015-04-19 21:57 - 2015-04-20 14:28 - 00000000 ____D () C:\Users\s\AppData\Roaming\ImgBurn
2015-04-19 21:54 - 2015-04-19 21:54 - 00001893 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2015-04-19 21:54 - 2015-04-19 21:54 - 00001881 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2015-04-19 21:54 - 2015-04-19 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2015-04-19 21:54 - 2015-04-19 21:54 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2015-04-16 21:04 - 2015-04-26 13:09 - 00000000 ____D () C:\AdwCleaner
2015-04-16 07:57 - 2015-01-06 05:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-04-16 07:57 - 2015-01-06 04:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-04-16 07:57 - 2015-01-06 03:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-04-16 07:57 - 2015-01-06 03:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-04-15 22:53 - 2015-04-20 10:35 - 00000000 ____D () C:\Program Files\RC Desk Pilot
2015-04-15 22:22 - 2015-04-15 22:24 - 00000000 ____D () C:\Users\s\AppData\Roaming\DAEMON Tools Lite
2015-04-15 22:22 - 2015-04-15 22:23 - 00030352 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2015-04-15 22:21 - 2015-04-15 22:22 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-04-15 21:21 - 2015-04-16 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flug-Model-Simulator
2015-04-15 12:16 - 2015-04-15 12:16 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 08:21 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 08:21 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 08:21 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 08:21 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 08:21 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 08:21 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 08:21 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 08:21 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 08:21 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 08:21 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 08:21 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 08:21 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 08:21 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 08:21 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 08:21 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 08:21 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 08:21 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 08:21 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 08:21 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 08:21 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 08:21 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 08:21 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 08:21 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 08:21 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 08:21 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 08:21 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 08:21 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 08:21 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 08:21 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 08:21 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 08:21 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 08:21 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 08:21 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 08:21 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 08:21 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 08:21 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 08:21 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 08:21 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 08:21 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 08:21 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 08:21 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 08:21 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 08:21 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 08:21 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 08:21 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 08:21 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 08:21 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 08:21 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 08:21 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 08:21 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 08:21 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 08:21 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 08:21 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 08:21 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 08:21 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 08:21 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 08:21 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 08:21 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 08:21 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 08:21 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 08:21 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 08:21 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 08:21 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 08:21 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 08:21 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 08:21 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 08:21 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-15 08:21 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 08:21 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-13 09:05 - 2015-04-13 09:05 - 00000295 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk
2015-04-07 00:12 - 2015-04-07 00:12 - 00000000 ____D () C:\ProgramData\MULTIFlight
2015-04-07 00:12 - 2015-04-07 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MULTIFlight
2015-04-07 00:12 - 2015-04-07 00:12 - 00000000 ____D () C:\Program Files (x86)\MULTIFlight
2015-04-04 15:03 - 2015-04-04 15:03 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-04 15:03 - 2015-04-04 15:03 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-01 19:04 - 2015-04-01 19:04 - 00018321 _____ () C:\WINDOWS\DirectX.log
2015-03-30 21:34 - 2015-03-30 21:35 - 00000000 ____D () C:\Users\s\Documents\Heroes of the Storm
2015-03-30 20:26 - 2015-04-01 12:48 - 00000000 ____D () C:\Users\s\AppData\Local\Battle.net
2015-03-30 20:26 - 2015-03-30 21:34 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-03-30 20:26 - 2015-03-30 20:27 - 00000000 ____D () C:\Users\s\AppData\Roaming\Battle.net
2015-03-30 20:26 - 2015-03-30 20:26 - 00000000 ____D () C:\Users\s\AppData\Local\Blizzard Entertainment
2015-03-30 20:24 - 2015-03-30 20:24 - 00000000 ____D () C:\ProgramData\Battle.net
2015-03-29 15:45 - 2015-03-29 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\u-blox
2015-03-29 15:45 - 2015-03-29 15:45 - 00000000 ____D () C:\Program Files (x86)\u-blox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 15:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2015-04-27 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-27 14:55 - 2015-03-24 17:55 - 00000929 _____ () C:\WINDOWS\Tasks\EPSON XP-322 323 325 Series Update {A4B7AC65-10C9-43CF-B46E-D9311A9A1A5B}.job
2015-04-27 14:49 - 2015-03-27 10:28 - 00009588 _____ () C:\WINDOWS\setupact.log
2015-04-27 14:30 - 2013-10-22 11:40 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-27 14:18 - 2014-05-06 00:40 - 01894284 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-27 10:54 - 2014-01-27 21:35 - 00000000 ___RD () C:\Users\s\Downloads\GoogleDrive
2015-04-27 09:07 - 2013-10-22 11:40 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-27 09:07 - 2013-10-21 19:43 - 00000000 ___DO () C:\Users\s\SkyDrive
2015-04-26 21:15 - 2013-09-30 06:14 - 01871602 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-26 21:15 - 2013-09-30 05:56 - 00804408 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-26 21:15 - 2013-09-30 05:56 - 00170296 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-26 21:09 - 2015-03-24 11:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-26 21:09 - 2015-01-02 23:28 - 05062712 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-26 21:09 - 2014-01-16 19:14 - 00000284 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2015-04-26 21:09 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-26 21:08 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-26 21:05 - 2015-03-27 12:18 - 00037770 _____ () C:\WINDOWS\DPINST.LOG
2015-04-26 21:03 - 2014-02-04 20:53 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-04-26 21:03 - 2013-10-24 10:16 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-26 21:03 - 2013-10-24 10:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-26 21:03 - 2013-10-21 17:02 - 00000000 ____D () C:\Users\s\AppData\Roaming\Adobe
2015-04-26 13:55 - 2011-10-23 22:42 - 00000000 ____D () C:\Users\s\Downloads\02_Musik
2015-04-26 13:43 - 2013-03-03 08:40 - 00000000 ____D () C:\Users\s\Downloads\07_JDownloader
2015-04-26 13:42 - 2013-01-22 20:03 - 00000000 ____D () C:\Users\s\Downloads\03_Software
2015-04-26 12:27 - 2012-08-21 21:20 - 00000000 ____D () C:\Users\s\Downloads\05_Arbeit
2015-04-26 08:40 - 2015-03-04 17:58 - 00000000 ____D () C:\Program Files (x86)\Mission Planner
2015-04-25 18:36 - 2015-03-01 22:02 - 00000000 ____D () C:\Users\s\apmplanner2
2015-04-22 18:38 - 2014-04-27 07:43 - 00000000 ____D () C:\Users\DefaultAppPool
2015-04-22 14:53 - 2013-10-31 15:17 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2015-04-22 09:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-22 09:32 - 2013-10-24 10:16 - 00000000 ____D () C:\Users\s\AppData\Local\Adobe
2015-04-19 22:31 - 2015-03-27 10:28 - 00219646 _____ () C:\WINDOWS\PFRO.log
2015-04-19 20:01 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-17 07:23 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-16 22:36 - 2013-10-22 12:06 - 00000000 ____D () C:\Users\s\AppData\Roaming\vlc
2015-04-16 21:05 - 2013-12-01 18:16 - 00000000 ____D () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-16 21:05 - 2013-10-22 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-16 21:05 - 2013-10-21 19:42 - 00000999 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-16 13:04 - 2013-10-21 19:35 - 00000000 ____D () C:\Users\s
2015-04-16 12:29 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-16 08:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-16 07:55 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Cursors
2015-04-15 22:19 - 2014-11-10 18:46 - 00000041 ___SH () C:\ProgramData\.zreglib
2015-04-15 12:16 - 2014-12-03 09:44 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-15 09:59 - 2014-01-16 19:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 09:59 - 2013-10-21 17:49 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 09:55 - 2013-10-21 17:49 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 01:24 - 2013-08-22 17:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-12 13:33 - 2014-02-05 14:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-10 07:23 - 2014-05-23 08:14 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-10 07:23 - 2013-10-21 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-10 07:23 - 2013-10-21 17:14 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-07 10:01 - 2015-03-01 22:02 - 00000000 ____D () C:\Users\s\mapscache
2015-04-01 23:49 - 2014-12-31 19:56 - 00000000 ____D () C:\ProgramData\Origin
2015-03-29 15:32 - 2015-03-04 23:38 - 00000149 _____ () C:\Users\s\Documents\diagnostic.ubx
2015-03-29 12:29 - 2015-03-24 17:54 - 00000000 ____D () C:\ProgramData\EPSON
2015-03-28 11:11 - 2014-05-02 13:37 - 00000000 ____D () C:\Users\s\AppData\Roaming\PhotoScape
2015-03-28 05:44 - 2014-07-29 18:37 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-03-28 05:44 - 2013-11-09 00:46 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-03-28 05:43 - 2014-07-29 18:37 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-03-28 05:43 - 2013-11-09 00:46 - 01570672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll

==================== Files in the root of some directories =======

2015-01-13 01:04 - 2015-01-13 22:55 - 0000600 _____ () C:\Users\s\AppData\Roaming\winscp.rnd
2014-10-01 20:15 - 2014-10-01 20:15 - 0004096 ____H () C:\Users\s\AppData\Local\keyfile3.drm
2015-01-13 01:00 - 2015-03-12 13:53 - 0000600 _____ () C:\Users\s\AppData\Local\PUTTY.RND
2014-06-13 16:47 - 2015-03-25 08:22 - 0007597 _____ () C:\Users\s\AppData\Local\Resmon.ResmonCfg
2014-11-10 18:46 - 2015-04-15 22:19 - 0000041 ___SH () C:\ProgramData\.zreglib
1999-07-07 02:00 - 1999-07-07 02:00 - 0000006 __RSH () C:\ProgramData\DE280AC2-0786-4476-96E5-D6E6370396FE

Some content of TEMP:
====================
C:\Users\s\AppData\Local\Temp\avgnt.exe
C:\Users\s\AppData\Local\Temp\i4jdel0.exe
C:\Users\s\AppData\Local\Temp\proxy_vole6848895154067636924.dll
C:\Users\s\AppData\Local\Temp\readSTILog.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-23 09:59

==================== End Of Log ============================
         
--- --- ---


FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015
Ran by s at 2015-04-27 15:17:37
Running from C:\Users\s\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3594826973-1388458410-1933748121-500 - Administrator - Disabled)
Gast (S-1-5-21-3594826973-1388458410-1933748121-501 - Limited - Disabled)
s (S-1-5-21-3594826973-1388458410-1933748121-1001 - Administrator - Enabled) => C:\Users\s

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.1 - Arduino LLC)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
DNDownloader version 1.2 (HKLM-x32\...\DNDownloader_is1) (Version: 1.2 - )
Druckerdeinstallation für EPSON XP-322 323 325 Series (HKLM\...\EPSON XP-322 323 325 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EXPERTool v8.9 (HKLM-x32\...\{551D9481-9487-4D0C-9A1D-6BC3E7B6D991}_is1) (Version: 8.9.7.3 - Gainward Co. Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Media Player Codec Pack 4.3.0 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.3.0 - Media Player Codec Pack)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mission Planner (HKLM-x32\...\{2C6E91C8-8B1B-479F-9BBD-545AF60F09E0}) (Version: 1.3.19 - Michael Oborne)
MULTIFlight (HKLM-x32\...\MULTIFlight) (Version:  - Multiplex Modellsport GmbH & Co.KG)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version:  - CyberConnect 2)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice 4.1.1 Language Pack (German) (HKLM-x32\...\{68AF7AB8-E018-40D9-B703-0129274FDBAE}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
PDF Experte 9 Ultimate (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version:  - )
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version:  - Roccat GmbH)
Roccat Talk (HKLM-x32\...\{605D671E-1D1E-4840-84D9-BFACE17F160D}) (Version: 1.00.0002 - Roccat GmbH)
Sansa Updater (HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)
Sansa Updater (HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.24.112 - Akademische Arbeitsgemeinschaft)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.10.1 - Electronic Arts)
u-center (HKLM-x32\...\{A385DF8C-7E17-4C6C-998F-96FDC10BCE96}) (Version: 7.0.2.1 - u-blox)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.6b5 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows-Treiberpaket - 3D Robotics (usbser) Ports  (01/01/2015 2.0.0.9) (HKLM\...\75690F2C86F7BE1E9F51D6D0CC84D4D7C203E6B5) (Version: 01/01/2015 2.0.0.9 - 3D Robotics)
Windows-Treiberpaket - 3D Robotics (usbser) Ports  (01/01/2015 2.0.0.9) (HKLM\...\E5BE0983C0C60432B42B39114C40C1931CE1AE00) (Version: 01/01/2015 2.0.0.9 - 3D Robotics)
Windows-Treiberpaket - Arduino LLC (www.arduino.cc) (usbser) Ports  (01/01/2015 2.0.0.9) (HKLM\...\86FE9521DE7ABE24A00FABF1A36DFEA326A2B95B) (Version: 01/01/2015 2.0.0.9 - Arduino LLC (www.arduino.cc))
Windows-Treiberpaket - u-blox AG (ubloxusb) Ports  (05/09/2012 1.2.0.6) (HKLM\...\7DCB6F90653EABCA4FDB3A94511F5371C9D34C51) (Version: 05/09/2012 1.2.0.6 - u-blox AG)
Windows-Treiberpaket - u-blox AG (ubloxusb) Ports  (07/03/2013 1.2.0.8) (HKLM\...\FD26D50F08971338088D01BEDED393EC9F9C4FA7) (Version: 07/03/2013 1.2.0.8 - u-blox AG)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3594826973-1388458410-1933748121-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

==================== Restore Points  =========================

22-04-2015 09:28:43 Avira System Speedup 1.6.3
26-04-2015 20:59:08 Removed Adobe Photoshop Elements 11.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2014-01-15 11:18 - 00001030 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 na1r.services.adobe.com 
127.0.0.1 hlrcv.stage.adobe.com 
127.0.0.1 lmlicenses.wip4.adobe.com 
127.0.0.1 lm.licenses.adobe.com 
127.0.0.1 activate.adobe.com 
127.0.0.1 practivate.adobe.com 


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17124A12-B0AA-48B1-A119-D52F008A9584} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-22] (Google Inc.)
Task: {4677EDF6-3647-440B-979A-19464D1B3746} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {4D530DFC-C28F-4E39-ACFD-81DF8AEDCD6F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {6739EA80-646B-421C-849B-5AEB54E7C110} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-22] (Google Inc.)
Task: {73395519-CCAB-489B-A3A9-6A8C3069907F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {7714CA0C-9069-46D8-930C-2E213DA86569} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {79388E14-7DB2-4DFC-A0A7-BD9CC33425A5} - System32\Tasks\EPSON XP-322 323 325 Series Update {A4B7AC65-10C9-43CF-B46E-D9311A9A1A5B} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNEE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {BDC2C40D-F181-4C59-85D1-907F12585642} - System32\Tasks\{0C43FB44-1C71-4D7A-A2FD-9097DCF40188} => pcalua.exe -a C:\Users\s\AppData\Local\Unity\WebPlayer\Uninstall.exe -c /CurrentUser
Task: {BEEBCE3A-45FB-41B9-BE9A-3B4B7E2132AE} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {BF00F630-9D5A-4FD3-BA83-882B746A21F8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {CEACDB88-8D3F-48B7-8824-D65F9CD75213} - \Optimize Start Menu Cache Files-S-1-5-21-3594826973-1388458410-1933748121-1001 No Task File <==== ATTENTION
Task: {F2DF14B4-CD1C-437E-9BEA-DF11EFB6CABD} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\EPSON XP-322 323 325 Series Update {A4B7AC65-10C9-43CF-B46E-D9311A9A1A5B}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNEE.EXE:/EXE:{A4B7AC65-10C9-43CF-B46E-D9311A9A1A5B} /F:UpdateWORKGROUP\HOME$
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-04-14 21:30 - 2015-04-13 23:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-14 21:30 - 2015-04-13 23:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2015-04-14 21:30 - 2015-04-13 23:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:4B8B0EFD8D3598FA
AlternateDataStreams: C:\Users\s\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\Control Panel\Desktop\\Wallpaper -> H:\Sonstiges\wallpaper\26426-katana-girl-1920x1080-anime-wallpaper.jpg
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> H:\Sonstiges\wallpaper\26426-katana-girl-1920x1080-anime-wallpaper.jpg
DNS Servers: 192.168.5.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "CodecPackUpdateChecker.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Nvtmru"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\...\StartupApproved\Run: => "CAHeadless"
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001\...\StartupApproved\Run: => "SansaDispatch"
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CAHeadless"
HKU\S-1-5-21-3594826973-1388458410-1933748121-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "SansaDispatch"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC] => (Allow) %systemroot%\system32\wininit.exe
FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper] => (Allow) %systemroot%\system32\wininit.exe
FirewallRules: [ProximityUxHost-Sharing-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [ProximityUxHost-Sharing-Out-TCP-NoScope] => (Allow) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [NETDIS-DAS-In-UDP-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [NETDIS-DAS-In-UDP] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [EventForwarder-In-TCP] => (Allow) %SystemRoot%\system32\NetEvtFwdr.exe
FirewallRules: [TPMVSCMGR-Server-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-Out-TCP-NoScope] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-In-TCP] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-Out-TCP] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [PlayTo-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [WFDPRINT-DAFWSD-In-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [WFDPRINT-DAFWSD-Out-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [RemoteDesktop-Shadow-In-TCP] => (Allow) %SystemRoot%\system32\RdpSa.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{B045B430-A659-433A-98D9-6CC034C6C2AF}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{3B8BEFF2-8667-4898-A117-AD21DB5486EB}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{9475951F-6B56-454F-9F27-C28B09ECF92C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{BE5501F9-1F33-44EA-B70E-FFE4CCC00779}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{FE906EFC-8C26-4DBD-B458-C2A404182FB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A00390CC-6A8E-4DBD-9586-16FCA1C92D1F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [TCP Query User{FCC13315-E993-4372-93CE-C66BE0E155B5}C:\program files (x86)\jdownloader\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\jdownloader\jre\bin\javaw.exe
FirewallRules: [UDP Query User{F22525E6-F9D3-4D19-A3AE-98DAC076A78B}C:\program files (x86)\jdownloader\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\jdownloader\jre\bin\javaw.exe
FirewallRules: [{CE15A5DB-C75F-4F69-851A-CF4313A715D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D4CBE62C-26EA-4985-BC83-E6BDCD3D659C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8425F546-9E82-40FA-A46C-1C81AEE1E06A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4F7C391F-AAC3-4CCC-B3F4-6D9FCD37DB4B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F1EF356C-E593-4CB8-BB49-ED5F0A6C7547}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3150D9DB-25A9-4F72-8A5F-4287D83DD4CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{219F0F56-4842-48EA-A6A6-B59A23FC014D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B0309D70-ED48-43E9-A981-A4A3166174CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{58AC6098-40CE-450A-8556-B1F6AE10C78B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FB82FC6C-F878-4168-86E8-48775B86E7AC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{62FFDA57-DA2A-420D-A3CA-E12CEB56AF07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F91BDABD-62FF-4FD3-AC64-F6567CACBD24}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B66E6BDE-DD60-4DBB-8CF7-6B472AAB3D56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{414090EE-DB88-41D1-8A00-160C0B81F07F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{65D8C19D-106A-49B5-B107-93CC6C7F04F5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2DA585E8-DF67-4E52-A36C-CA67FA067F64}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{087816C0-E2AA-4A58-9154-AC8E8667F7C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D250874E-FBB4-403D-B833-C231F691B500}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{AD0806C8-AB04-4E4E-BA2A-32CBF135CAD6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8778653C-194A-4CF4-A586-8C37222149EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EE8432AD-EE73-4F3A-8726-4806EEEC7FCC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{5CB598E9-2DED-406C-A806-053784E4C321}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [TCP Query User{B7695911-64A6-4CA9-BE50-3788F4F21497}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{F1E06132-40C1-43EA-A376-B46162A54AF3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{61A243B1-25FB-4F26-A266-0A8898432A99}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{A2B98E58-B73C-4762-81CC-CD19119D6BDC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [TCP Query User{94B681B3-9815-4DF6-9F66-9B05B51A5B46}E:\easysetupassistant\tl-wdr3600\easysetupassistant.exe] => (Allow) E:\easysetupassistant\tl-wdr3600\easysetupassistant.exe
FirewallRules: [UDP Query User{AD2F893E-67DD-445F-90D1-7725C6AD1D81}E:\easysetupassistant\tl-wdr3600\easysetupassistant.exe] => (Allow) E:\easysetupassistant\tl-wdr3600\easysetupassistant.exe
FirewallRules: [{CBBCF43D-4FCE-4203-87A6-567A199C2AAE}] => (Allow) D:\Steam\SteamApps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe
FirewallRules: [{7BB1AA7E-F5F2-444D-890D-C1FB1BAD3790}] => (Allow) D:\Steam\SteamApps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe
FirewallRules: [TCP Query User{ECFB131C-F0EA-4FEA-B953-3734F3C809EB}D:\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe] => (Allow) D:\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe
FirewallRules: [UDP Query User{67C2BD29-3E03-4CD4-BE0B-54B932B4FF5C}D:\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe] => (Allow) D:\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe
FirewallRules: [{CD198907-58AC-4EF5-90F7-EA0DDF89F035}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{53820AF7-5667-4A6E-B00D-5EBB38D6B5D0}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{E6D9C79A-D956-4F9E-B83C-927661DF1CC5}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{9460BDE8-95B7-4A64-B7DB-3D9CBBB79D15}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{18D2BEDE-3596-4084-BBFA-29DCC4C26DC8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DEBAE4EA-66BD-421D-B257-00AAC9FCFF23}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{32ECDE8C-8479-467F-9730-6272B812A3B8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D036600F-B726-4B20-94AA-6DE28C2253A6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{C5CFE0A3-69ED-4E1D-B4AE-19283EE55B9B}H:\sonstiges\portable mal updater 2\malupdaterportable.exe] => (Allow) H:\sonstiges\portable mal updater 2\malupdaterportable.exe
FirewallRules: [UDP Query User{A2CBA3C1-C54E-49D8-971A-47CD3855CE8A}H:\sonstiges\portable mal updater 2\malupdaterportable.exe] => (Allow) H:\sonstiges\portable mal updater 2\malupdaterportable.exe
FirewallRules: [TCP Query User{E6411B6C-26D6-4F89-85C5-3F2F82886EFC}C:\program files (x86)\apmplanner2\apmplanner2.exe] => (Allow) C:\program files (x86)\apmplanner2\apmplanner2.exe
FirewallRules: [UDP Query User{6ACC6F20-A0B7-434C-8CFB-7359977C4E50}C:\program files (x86)\apmplanner2\apmplanner2.exe] => (Allow) C:\program files (x86)\apmplanner2\apmplanner2.exe
FirewallRules: [TCP Query User{2B52317E-E25D-4125-8121-49E572996F87}C:\program files (x86)\apmplanner2\apmplanner2.exe] => (Allow) C:\program files (x86)\apmplanner2\apmplanner2.exe
FirewallRules: [UDP Query User{D808E643-D367-4E0E-B323-6128B83B248E}C:\program files (x86)\apmplanner2\apmplanner2.exe] => (Allow) C:\program files (x86)\apmplanner2\apmplanner2.exe
FirewallRules: [TCP Query User{DE3EC9A0-0A84-4467-B9CE-58695302A8F8}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe
FirewallRules: [UDP Query User{C593EC15-2E8A-44F7-9B67-3BA30AEA702B}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe
FirewallRules: [TCP Query User{5C364D75-BE0F-4F79-9E96-E7387C18AD03}C:\program files (x86)\jdownloader\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\jdownloader\jre\bin\javaw.exe
FirewallRules: [UDP Query User{AEEB0CCD-9338-4923-A198-3901B574EDB5}C:\program files (x86)\jdownloader\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\jdownloader\jre\bin\javaw.exe
FirewallRules: [TCP Query User{83AA44E7-72A9-45F1-A23E-24078078B1EC}D:\program files (x86)\origin games\battlefield bad company 2\bfbc2game.exe] => (Allow) D:\program files (x86)\origin games\battlefield bad company 2\bfbc2game.exe
FirewallRules: [UDP Query User{6F7ED111-7BC0-46FB-A661-BB4DC39B1B6C}D:\program files (x86)\origin games\battlefield bad company 2\bfbc2game.exe] => (Allow) D:\program files (x86)\origin games\battlefield bad company 2\bfbc2game.exe
FirewallRules: [TCP Query User{1C49BBF5-A996-4249-A9B1-AA0841C67469}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{8F0202A6-0D20-46DE-8016-A8737BC5A908}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{B2525E85-C45A-4F40-BA80-F20070006670}] => (Allow) C:\Users\s\AppData\Local\Temp\WZSE0.TMP\FWE559TL\EPFWUPD.exe
FirewallRules: [{BC4D1824-6C0C-4ED6-9CCD-96C22EE4AAED}] => (Allow) C:\Users\s\AppData\Local\Temp\WZSE0.TMP\FWE559TL\EPFWUPD.exe
FirewallRules: [{47577A29-E74D-4D78-AE94-844AE7371D77}] => (Allow) D:\Battle.net\Battle.net.exe
FirewallRules: [{0A643A14-D352-43E7-AA3E-E353DDEA0137}] => (Allow) D:\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{49ED702F-691F-4504-9ADF-102F7879ED21}D:\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A2364591-25C4-4E29-8984-F7C1C4475072}D:\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [{501CF256-1365-4520-82BE-B13593B1F9F7}] => (Allow) D:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{955B7372-F570-4F3D-84D6-433AAC91C3B0}] => (Allow) D:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{C1B5F2A6-9E36-45BB-B74B-14BE9753988E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/26/2015 08:59:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (04/26/2015 08:17:20 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/25/2015 08:11:48 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/24/2015 11:31:34 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/24/2015 02:09:56 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/23/2015 08:00:30 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/23/2015 07:27:49 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/22/2015 09:28:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (04/20/2015 10:22:25 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (04/20/2015 08:40:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.


System errors:
=============
Error: (04/27/2015 03:13:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Email-Schutz" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/27/2015 03:13:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/27/2015 03:13:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Message Queuing-Trigger" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/27/2015 03:13:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/27/2015 03:13:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/27/2015 03:13:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/27/2015 03:13:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Message Queuing" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/27/2015 03:13:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IIS-Verwaltungsdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Aufführung des konfigurierten Wiederherstellungsp.

Error: (04/27/2015 03:13:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA GeForce Experience Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/27/2015 03:13:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Epson Scanner Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (04/26/2015 08:59:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert

Error: (04/26/2015 08:17:20 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/25/2015 08:11:48 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/24/2015 11:31:34 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/24/2015 02:09:56 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/23/2015 08:00:30 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/23/2015 07:27:49 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/22/2015 09:28:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert

Error: (04/20/2015 10:22:25 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (04/20/2015 08:40:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\s\Desktop\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2015-04-27 13:44:58.881
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-27 13:44:58.710
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-27 13:44:58.539
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-27 13:44:58.370
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-27 13:44:58.189
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-27 13:44:58.023
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-27 13:44:57.852
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-27 13:44:57.686
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-27 13:44:57.517
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-27 13:44:57.351
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD FX(tm)-4100 Quad-Core Processor 
Percentage of memory in use: 55%
Total physical RAM: 8174.11 MB
Available physical RAM: 3630.48 MB
Total Pagefile: 10862.11 MB
Available Pagefile: 4636.11 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:29.4 GB) NTFS
Drive d: () (Fixed) (Total:119.24 GB) (Free:21.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: F59A644E)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 8DA8688E)
Partition 1: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---

28.04.2015, 16:28   #8
M-K-D-B
/// TB Trainer
 



Hi,

please reset Google Chrome:

Reset Google Chrome following these instructions.

Any other problems?


Step 1

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Step 2
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.


In your next reply, please post
  • the ESET log file,
  • the SecurityCheck log file.

28.04.2015, 22:40   #9
BanRi
 



Hello,

I have reset Chrome following the instructions.

Otherwise there are no further problems.


ESET log file
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=29771da5c849a540a5838841150bf860
# engine=23603
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-28 07:44:57
# local_time=2015-04-28 09:44:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 54691 7332689 0 0
# scanned=257283
# found=0
# cleaned=0
# scan_time=13824
         
SecurityCheck log file
Code:
 Results of screen317's Security Check version 1.00  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus    
Windows Defender   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader XI  
 Google Chrome (41.0.2272.118) 
 Google Chrome (42.0.2311.90) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

29.04.2015, 13:17   #10
M-K-D-B
/// TB Trainer
 



If you no longer have any problems with malware, then we are done here. Your log files are clean.
Finally, we need to take a few concluding steps to clean up and secure your PC.


Cleanup:
(The order is important here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: please disable your antivirus program, any script blocking that may be present, and anti-malware programs.
  • Please press the + R key and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick every function.
  • Click Start.

Note: DelFix removes, among other things, all programs used, the quarantine of our scanners, and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.


Securing your system:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at the latest version:

Browser
Java
Flash Player
PDF reader

Vulnerabilities in their old versions are exploited to install malware via "drive-by" simply by visiting a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use exactly one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:


In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. However, you can specify, on a whitelist basis, which sites are allowed to run scripts.
Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers, etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this topic from my subscriptions.

03.05.2015, 14:06   #11
M-K-D-B
/// TB Trainer
 



I am glad that we could help.

In this forum you can leave brief feedback on the cleanup, if you wish:
Lob, Kritik und Wünsche (praise, criticism and wishes)
To do so, click the "NEUES THEMA" (new topic) button and post a short piece of feedback. Thank you!

This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread.

03.05.2015, 17:01   #12
BanRi
 



All great, I have already thanked you in "Lob, Kritik und Wünsche".
