anchises | 14.04.2015 10:39 | Thanks for your reply. Nothing will be downloaded from chip.de anymore!
1. MBAM log file: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 14/04/2015
Suchlauf-Zeit: 10:09:24
Logdatei: mbam.txt
Administrator: Ja
Version: 2.01.4.1018
Malware Datenbank: v2015.04.14.02
Rootkit Datenbank: v2015.03.31.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: ****
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 404613
Verstrichene Zeit: 44 Min, 36 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 27
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{553318DA-D010-469E-84B1-496563CAE1C0}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a],
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{553318DA-D010-469E-84B1-496563CAE1C0}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a],
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{671F1846-80F2-4ED8-B183-A921E6A4D5D5}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a],
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{41DF0821-AF9A-4246-B01E-DB43C0E7A775}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a],
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{41DF0821-AF9A-4246-B01E-DB43C0E7A775}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a],
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{41DF0821-AF9A-4246-B01E-DB43C0E7A775}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a],
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{671F1846-80F2-4ED8-B183-A921E6A4D5D5}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a],
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{671F1846-80F2-4ED8-B183-A921E6A4D5D5}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a],
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\PiccShare.BHO.1, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a],
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\PiccShare.BHO, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a],
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PiccShare.BHO, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a],
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\PiccShare.BHO, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a],
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{553318DA-D010-469E-84B1-496563CAE1C0}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a],
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PiccShare.BHO.1, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a],
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\PiccShare.BHO.1, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a],
PUP.Optional.PiccShare.A, HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{553318DA-D010-469E-84B1-496563CAE1C0}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a],
PUP.Optional.PiccShare.A, HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{553318DA-D010-469E-84B1-496563CAE1C0}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a],
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{553318DA-D010-469E-84B1-496563CAE1C0}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a],
PUP.Optional.OfferMosquito, HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82B16A3D-F03E-4565-A532-666B219C9A53}, In Quarantäne, [532727454149ba7c2ac8c0823fc47e82],
PUP.Optional.OfferMosquito.A, HKCU\SOFTWARE\CLASSES\TYPELIB\{B83C16AE-3C3D-5362-85D6-D19F9FB51262}, In Quarantäne, [16641557305a3bfbb3e330f0e11ff40c],
PUP.Optional.OfferMosquito.A, HKCU\SOFTWARE\CLASSES\INTERFACE\{2C0830EC-8559-5E15-9DC7-5BB830020064}, In Quarantäne, [16641557305a3bfbb3e330f0e11ff40c],
PUP.Optional.OfferMosquito.A, HKCU\SOFTWARE\CLASSES\INTERFACE\{A384AB73-46D8-570B-982A-776E7DED115A}, In Quarantäne, [16641557305a3bfbb3e330f0e11ff40c],
PUP.Optional.OfferMosquito.A, HKCU\SOFTWARE\CLASSES\INTERFACE\{E4BC2DD7-8F3D-5254-8B4C-D2C3888D2A38}, In Quarantäne, [16641557305a3bfbb3e330f0e11ff40c],
PUP.Optional.OfferMosquito.A, HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\SOFTWARE\OfferMosquito, In Quarantäne, [661417554149e84ed57f0446e61f946c],
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\SOFTWARE\SimpleNewTab, In Quarantäne, [e5957eee8a00c17593928871976c4db3],
PUP.Optional.AlexaTB.A, HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\SOFTWARE\DISTROMATIC\Toolbars, In Quarantäne, [df9b6408e2a8e551d4f27bb09e674eb2],
PUP.Optional.OfferMosquito.A, HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\gbmdkmlcnbapgegninelmjbfibaghdmk, In Quarantäne, [9bdfa4c8206a80b69a8d10e9ac57af51],
Registrierungswerte: 3
PUP.Optional.DataMgr.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DataMgr, "C:\Users\****\AppData\Roaming\DataMgr\DataMgr.exe", In Quarantäne, [512970fc2466999d7fbd745342c17d83]
PUP.Optional.OfferMosquito, HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|OMESupervisor, "C:\Users\****\AppData\Local\omesuperv.exe", In Quarantäne, [5e1cd09cc3c72214d3682717d4312fd1]
PUP.Optional.OfferMosquito, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|OMESupervisor, "C:\Users\****\AppData\Local\omesuperv.exe", In Quarantäne, [5e1cd09cc3c72214d3682717d4312fd1]
Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)
Ordner: 10
PUP.Optional.DataMgr.A, C:\Users\****\AppData\Roaming\DataMgr, In Quarantäne, [512970fc2466999d7fbd745342c17d83],
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9],
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9],
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0\_metadata, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9],
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\simple_new_tab, In Quarantäne, [21590f5d8406092d6cca9ff834cfd828],
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\simple_new_tab\htmls, In Quarantäne, [21590f5d8406092d6cca9ff834cfd828],
PUP.Optional.OfferMosquito.A, C:\Users\****\AppData\Local\ext_offermosquito, In Quarantäne, [e69493d998f275c1c474dcbb3ac92ed2],
PUP.Optional.OfferMosquito.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito, In Quarantäne, [3743076557333501ad8d277015ee55ab],
PUP.Optional.PiccShare.A, C:\Users\****\AppData\Local\ext_piccshare, In Quarantäne, [26545c10d3b7a88e45e9435e4ab96f91],
PUP.Optional.PicShare.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\ext_piccshare, In Quarantäne, [087227454743cd69318f8534fb08aa56],
Dateien: 22
PUP.Optional.PiccShare.A, C:\Users\****\AppData\Local\ext_piccshare\ext_piccshare.dll, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a],
PUP.Optional.Softonic, C:\Users\****\Downloads\SoftonicDownloader_fuer_****.exe, In Quarantäne, [8ceeb3b92e5cba7c897bfa3b28d94bb5],
PUP.Optional.RegCleanerPro, C:\Users\****\Downloads\rcpsetup_chip_de_chip_de.exe, In Quarantäne, [2e4c58144c3e81b5e95548f3db26c739],
PUP.Optional.OfferMosquito.A, C:\Users\****\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll, In Quarantäne, [16641557305a3bfbb3e330f0e11ff40c],
PUP.Optional.DataMgr.A, C:\Users\****\AppData\Roaming\DataMgr\DataMgr.exe, In Quarantäne, [512970fc2466999d7fbd745342c17d83],
PUP.Optional.DataMgr.A, C:\Users\****\AppData\Roaming\DataMgr\version.txt, In Quarantäne, [512970fc2466999d7fbd745342c17d83],
PUP.Optional.OfferMosquito, C:\Users\****\AppData\Local\omesuperv.exe, In Quarantäne, [5e1cd09cc3c72214d3682717d4312fd1],
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0\manifest.json, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9],
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0\newtab.js, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9],
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0\options.html, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9],
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0\options.js, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9],
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0\snt.html, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9],
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0\snt.js, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9],
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0\_metadata\computed_hashes.json, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9],
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0\_metadata\verified_contents.json, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9],
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\simple_new_tab\simple_new_tab.dll, In Quarantäne, [21590f5d8406092d6cca9ff834cfd828],
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\simple_new_tab\htmls\index.html, In Quarantäne, [21590f5d8406092d6cca9ff834cfd828],
PUP.Optional.OfferMosquito.A, C:\Users\****\AppData\Local\ext_offermosquito\atl100.dll, In Quarantäne, [e69493d998f275c1c474dcbb3ac92ed2],
PUP.Optional.OfferMosquito.A, C:\Users\****\AppData\Local\ext_offermosquito\msvcr100d.dll, In Quarantäne, [e69493d998f275c1c474dcbb3ac92ed2],
PUP.Optional.OfferMosquito.A, C:\Users\****\AppData\Local\ext_offermosquito\OfferMosquitoIEPlaceholder.dll, In Quarantäne, [e69493d998f275c1c474dcbb3ac92ed2],
PUP.Optional.OfferMosquito.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx, In Quarantäne, [3743076557333501ad8d277015ee55ab],
PUP.Optional.PicShare.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\ext_piccshare\ext_piccshare.crx, In Quarantäne, [087227454743cd69318f8534fb08aa56],
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
2. AdwCleaner log file: Code:
# AdwCleaner v4.201 - Bericht erstellt 14/04/2015 um 11:09:23
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : **** - ****
# Gestarted von : C:\Users\********\Downloads\AdwCleaner_4.201.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\Users\********\AppData\Roaming\Common\LuaRT
Ordner Gelöscht : C:\Users\********\AppData\Roaming\fbDownloader
Ordner Gelöscht : C:\Users\********\AppData\Roaming\Intermediate
Ordner Gelöscht : C:\Users\********\AppData\Roaming\SCheck
Ordner Gelöscht : C:\Users\********\AppData\Roaming\Seventh
Ordner Gelöscht : C:\Users\********\AppData\Roaming\Sixth
Ordner Gelöscht : C:\Users\********\AppData\Roaming\Snz
Ordner Gelöscht : C:\Users\********\AppData\Roaming\SSync
Ordner Gelöscht : C:\Users\********\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\********\AppData\Roaming\Windows Net Data
Ordner Gelöscht : C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\llpnaddghmkpkmnghbdpahlgncpieofn
Datei Gelöscht : C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gbmdkmlcnbapgegninelmjbfibaghdmk_0.localstorage
Datei Gelöscht : C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage
Datei Gelöscht : C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage-journal
Datei Gelöscht : C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pmgkeimkiojpjcoiiipekfjaopchhjga_0.localstorage
Datei Gelöscht : C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_llpnaddghmkpkmnghbdpahlgncpieofn_0.localstorage
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\Users\********\AppData\Local\ext_piccshare_uninst.exe
Datei Gelöscht : C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
Datei Gelöscht : C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.fbdownloader.com_0.localstorage
Datei Gelöscht : C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.fbdownloader.com_0.localstorage-journal
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\docfnddcclkgokdfpnmngpiliiachclb
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Seventh]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Sixth]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Snoozer]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ssync]
Schlüssel Gelöscht : HKCU\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Alexa Internet
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\httogroup
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\piccshare
Schlüssel Gelöscht : HKCU\Software\Protector
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\DriverTuner_Init
Schlüssel Gelöscht : HKCU\Software\DriverTuner
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\piccshare
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v37.0.1 (x86 de)
[ca3qt68x.default-1415723533465\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=fpo&q=");
[ca3qt68x.default-1415723533465\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://search.fbdownloader.com/search.php?channel=fpo&q=");
[ca3qt68x.default-1415723533465\prefs.js] - Zeile Gelöscht : user_pref("simplenewtab.url", "hxxp://search.fbdownloader.com/?channel=fpo_nt");
-\\ Google Chrome v41.0.2272.118
[C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.fbdownloader.com/search.php?channel=fpo&q={searchTerms}
[C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] : hxxp:\/\/search.fbdownloader.com\/?channel=fpo
[C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : hxxp:\/\/search.fbdownloader.com\/?channel=fpo
*************************
AdwCleaner[R0].txt - [6873 Bytes] - [14/04/2015 11:07:24]
AdwCleaner[S0].txt - [6010 Bytes] - [14/04/2015 11:09:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6069 Bytes] ##########
3. JRT log file: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.4 (04.13.2015:1)
OS: Windows 8.1 x64
Ran by Maxi Muster on 14/04/2015 at 11:17:09.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\behrv_000\AppData\Roaming\mozilla\firefox\profiles\ca3qt68x.default-1415723533465\minidumps [2 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/04/2015 at 11:19:37.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4. FRST log files:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by *** (administrator) on *** on 14-04-2015 11:35:15
Running from C:\Users\***\Desktop
Loaded Profiles: *** (Available profiles: UpdatusUser & ***)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [AuditSHD] => C:\windows\system32\oobe\auditshd.exe [30208 2014-10-29] (Microsoft Corporation)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-08-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\AsusWSPanel.exe [3411328 2012-07-24] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Run: [Spotify Web Helper] => C:\Users\***\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-07] (Spotify Ltd)
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Run: [Spotify] => C:\Users\***\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-07] (Spotify Ltd)
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\MountPoints2: {053d9404-ddc4-11e3-be97-08606e055dfd} - "G:\LGAutoRun.exe"
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\STANDA~1.SCR [232448 2012-06-08] ()
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [18856 2012-10-02] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/software/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ca3qt68x.default-1415723533465
FF SelectedSearchEngine: Search
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2014-12-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-10-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-10-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ca3qt68x.default-1415723533465\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\***\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-02]
CHR Extension: (Google Wallet) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-01] (Avira Operations GmbH & Co. KG)
S2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-11-15] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-11-15] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-01-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-04] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-14 11:35 - 2015-04-14 11:35 - 00014269 _____ () C:\Users\***\Desktop\FRST.txt
2015-04-14 11:19 - 2015-04-14 11:19 - 00000769 _____ () C:\Users\***\Desktop\JRT.txt
2015-04-14 11:17 - 2015-04-14 11:17 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-***-Windows-8.1-(64-bit).dat
2015-04-14 11:17 - 2015-04-14 11:17 - 00000000 ____D () C:\RegBackup
2015-04-14 11:16 - 2015-04-14 11:16 - 02687136 _____ (Thisisu) C:\Users\***\Downloads\JRT.exe
2015-04-14 11:14 - 2015-04-14 11:15 - 00006112 _____ () C:\Users\***\Desktop\AdwCleaner[S0].txt
2015-04-14 11:07 - 2015-04-14 11:09 - 00000000 ____D () C:\AdwCleaner
2015-04-14 11:06 - 2015-04-14 11:07 - 02217984 _____ () C:\Users\***\Downloads\AdwCleaner_4.201.exe
2015-04-14 11:05 - 2015-04-14 11:15 - 00011302 _____ () C:\Users\***\Desktop\mbam.txt
2015-04-14 10:07 - 2015-04-14 11:12 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-14 10:07 - 2015-04-14 10:07 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-14 10:07 - 2015-04-14 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-14 10:07 - 2015-04-14 10:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-14 10:07 - 2015-04-14 10:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-14 10:07 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-14 10:07 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-14 10:07 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-14 10:05 - 2015-04-14 10:05 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-13 21:35 - 2015-04-14 11:35 - 00000000 ____D () C:\FRST
2015-04-13 21:34 - 2015-04-13 21:34 - 02096640 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2015-04-13 17:22 - 2015-04-13 17:22 - 00000000 ____D () C:\Users\***\Downloads\Grass__Gunter_Die_Blechtrommel_114c475ce06a3367cedf783811c32c32
2015-04-13 17:18 - 2015-04-13 17:22 - 497818663 _____ () C:\Users\***\Downloads\Grass__Gunter_Die_Blechtrommel_114c475ce06a3367cedf783811c32c32.zip
2015-04-13 12:10 - 2015-04-13 12:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-07 21:55 - 2015-04-07 21:55 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-07 21:55 - 2015-04-07 21:55 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-03-22 18:31 - 2015-03-27 20:32 - 00021364 _____ () C:\Users\***\Desktop\Einkaufsliste.odt
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-14 11:34 - 2014-11-04 23:42 - 23915520 ___SH () C:\Users\***\Downloads\Thumbs.db
2015-04-14 11:32 - 2014-11-04 19:17 - 01939033 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-14 11:21 - 2014-12-01 11:21 - 00000000 ___RD () C:\Users\***\OneDrive
2015-04-14 11:16 - 2014-09-24 08:17 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-14 11:16 - 2014-09-24 07:43 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-14 11:16 - 2014-09-24 07:43 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-14 11:13 - 2014-08-09 20:50 - 00000000 ____D () C:\Users\***\AppData\Local\Spotify
2015-04-14 11:12 - 2013-07-25 03:34 - 00000432 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-04-14 11:12 - 2013-05-04 23:50 - 00000416 _____ () C:\Users\***\AppData\Roaming\sp_data.sys
2015-04-14 11:11 - 2013-05-04 23:56 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 11:10 - 2014-09-23 23:06 - 00238152 _____ () C:\WINDOWS\PFRO.log
2015-04-14 11:10 - 2013-08-22 16:46 - 00344244 _____ () C:\WINDOWS\setupact.log
2015-04-14 11:10 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-14 11:10 - 2013-03-27 10:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-14 11:09 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-14 11:09 - 2013-07-05 20:16 - 00000000 ____D () C:\Users\***\AppData\Roaming\Common
2015-04-14 11:06 - 2014-08-09 20:49 - 00000000 ____D () C:\Users\***\AppData\Roaming\Spotify
2015-04-14 10:59 - 2014-11-04 19:25 - 00000000 ____D () C:\Users\***
2015-04-14 10:59 - 2014-04-18 23:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-14 10:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Resources
2015-04-14 10:44 - 2013-05-04 23:56 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-14 10:13 - 2013-05-04 23:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3718987256-3696895883-2711694715-1002
2015-04-14 10:05 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-13 21:07 - 2014-05-14 15:36 - 00000000 ____D () C:\Users\***\Desktop\Ole
2015-04-13 16:10 - 2014-11-05 17:52 - 00300544 ___SH () C:\Users\***\Desktop\Thumbs.db
2015-04-09 16:22 - 2014-08-05 14:01 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-09 16:21 - 2013-07-02 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-09 16:21 - 2013-07-02 16:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-07 23:42 - 2014-08-09 20:50 - 00001880 _____ () C:\Users\***\Desktop\Spotify.lnk
2015-04-07 23:42 - 2014-08-09 20:50 - 00001866 _____ () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-07 21:55 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-03 03:45 - 2013-05-04 23:57 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-01 15:13 - 2013-07-02 16:16 - 00000000 ____D () C:\Users\***\AppData\Roaming\Avira
2015-04-01 15:13 - 2013-07-02 16:10 - 00000000 ____D () C:\ProgramData\Avira
2015-03-23 19:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-15 20:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
==================== Files in the root of some directories =======
2013-07-02 16:31 - 2013-07-02 16:31 - 0000021 _____ () C:\Users\***\AppData\Roaming\my_intel.sys
2013-05-04 23:50 - 2015-04-14 11:12 - 0000416 _____ () C:\Users\***\AppData\Roaming\sp_data.sys
Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.5188.dll
Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\avgnt.exe
C:\Users\***\AppData\Local\Temp\Quarantine.exe
C:\Users\***\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-13 22:45
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by **** at 2015-04-14 11:35:37
Running from C:\Users\****\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.6.112 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
CDBurnerXP (HKLM-x32\...\{909A791A-DBB0-432F-BC0E-D0C81925E340}) (Version: 4.5.3.4746 - Canneverbe Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Chrome Frame (HKLM-x32\...\{1F0342F5-8369-3CD1-99DD-E9BC44473708}) (Version: 65.107.16500 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{F13921D6-AE6D-41BF-807A-17BD99C0A4FD}) (Version: 15.5.5.0480 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{962E1735-D2E0-4813-AB9F-C6CBA09E759A}) (Version: 15.05.7000.1709 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mystery Places - Das Geheimnis der Geisterstadt (HKLM-x32\...\Mystery Places - Das Geheimnis der Geisterstadt) (Version: - )
Mystery Places - Das Geheimnis der Geistervilla (HKLM-x32\...\Mystery Places - Das Geheimnis der Geistervilla) (Version: - )
NVIDIA 3D Vision Treiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6716 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Standard Time Version 1.1 (HKLM-x32\...\{46BF1117-D50B-4C2B-A19A-7ECD1A0EBA61}_is1) (Version: 1.1 - Datenstrudel GbR)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
**** by Tangysoft (HKLM-x32\...\****by Tangysoft_is1) (Version: - Tangysoft Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Utils (HKLM-x32\...\Windows Utils) (Version: - )
Windows-Treiberpaket - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
27-03-2015 23:50:29 Geplanter Prüfpunkt
07-04-2015 21:54:03 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {13C85C41-2A7D-428D-8B34-E8BA34324025} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1A33D94C-82A5-4294-B3B8-6A3484753CD0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {35974AF2-E186-474E-A84B-49A92E28601F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {62DB4409-46A1-4995-8252-9E291939F45D} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {8FFF272F-61D1-4B85-9141-25DD3C854834} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-04] (Google Inc.)
Task: {928DC4A9-DA8A-40B9-8F9F-9EC4ECE8C38A} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {98397365-3B85-413F-A339-399470DB754A} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {A8F96243-C911-4916-8EAC-22084AD9255D} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {B53CB93E-B21F-4562-9EB7-B842DD31AF06} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {BC001EE7-60C4-4800-90EA-79492342C8AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-04] (Google Inc.)
Task: {DD371991-91F0-4D6C-8A02-88C41D19167E} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {DF600A1D-9DAE-411E-AED0-2D42E45644FD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {EEF1B76F-17DA-4689-A93C-954CE61875F0} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2013-12-10 09:13 - 2013-12-10 09:13 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-10 09:13 - 2013-12-10 09:13 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:87A3A233
AlternateDataStreams: C:\Users\****\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\****\Desktop\Ole\****3.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
==================== Accounts: =============================
Administrator (S-1-5-21-3718987256-3696895883-2711694715-500 - Administrator - Disabled)
Gast (S-1-5-21-3718987256-3696895883-2711694715-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3718987256-3696895883-2711694715-1006 - Limited - Enabled)
**** (S-1-5-21-3718987256-3696895883-2711694715-1002 - Administrator - Enabled) => C:\Users\****
UpdatusUser (S-1-5-21-3718987256-3696895883-2711694715-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 25%
Total physical RAM: 6029.48 MB
Available physical RAM: 4471.58 MB
Total Pagefile: 6989.48 MB
Available Pagefile: 5290.52 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:185.86 GB) (Free:84.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.15 GB) (Free:214.99 GB) NTFS
Drive e: (EN_110402) (CDROM) (Total:7.35 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 663C8AE8)
Partition: GPT Partition Type.
Should I / can I / am I allowed to delete the CHIP-Installer.exe?