Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 8: Ordner werden als shortcut angezeigt, tlw. auch USB-Sticks (https://www.trojaner-board.de/167236-windows-8-ordner-shortcut-angezeigt-tlw-usb-sticks.html)

eva_mariee 24.05.2015 22:08
Windows 8: Ordner werden als shortcut angezeigt, tlw. auch USB-Sticks
 
Guten Tag, liebe Helfer!

Letzen Montag ist mir das erstemal an einem fremden PC aufgefallen, dass mein USB-Stick als Shortcut angezeigt wurde. Leider habe ich ihn angeklickt und dann auch am eigenen Laptop noch verwendet :headbang:

Ich habe mich dann gestern im Internet schlau gemacht und einiges zu einem Shortcut Virus gefunden. Ich habe dann nach dieser Anleitung versucht den Schaden zu beheben:

hxxp://www.techchore.com/flashdrive-shortcut-virus-and-two-2-methods-to-get-rid-of-it/

Mein USB-Stick scheint auch wieder ok zu sein, nur bei meinem Laptop bin ich mir nicht sicher - ich glaube, das passt noch nicht, da ich einige Male im cmd-File "access denied" bekommen habe.

ACHTUNG: nach eurem letzten LOG (Gmer) kann ich Avira Antivir nicht mehr einschalten! Ich habe zwei Fotos gemacht, eines vom Aussehen des Explorers mit seinen Shortcuts und eines von der Fehlermeldung beim Einschalten von Avira Antivier:

https://plus.google.com/photos/115128392581057048821/albums/6152550836645109201?banner=pwa

Hier nun meine Logs, die ich nach eurer Anleitung erstellt habe - vielen Dank für etwaige Hilfe und Entschuldigung, falls ich nicht immer gleich reagiere - ich lebe momentan in Guatemala = 8 Stunden Zeitverschiebung.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:21 on 24/05/2015 (eva)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by eva (administrator) on ULLI-PC on 24-05-2015 14:25:05
Running from C:\Users\eva\Desktop
Loaded Profiles: eva &  (Available Profiles: eva)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\DptfParticipantProcessorService.exe
() C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
() C:\Users\eva\Desktop\HFV.exe
() C:\Users\eva\Desktop\HFV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2013-09-09] (Research In Motion Limited)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-02-13] (Seagate Technology LLC)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UD.exe [536168 2013-05-31] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [B497FBE558A0E8CF98F7051B1D4699A80CF8D4D0._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-02-13] (Seagate Technology LLC)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcmfnsm.exe <===== ATTENTION
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\MountPoints2: {9fb8d0ea-fb3a-11e4-bed1-c4850836bb94} - "E:\EMP_UDSe.exe" /autorun
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [B497FBE558A0E8CF98F7051B1D4699A80CF8D4D0._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-02-13] (Seagate Technology LLC)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcmfnsm.exe <===== ATTENTION
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9fb8d0ea-fb3a-11e4-bed1-c4850836bb94} - "E:\EMP_UDSe.exe" /autorun
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-08] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175880 2015-04-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [154256 2015-04-08] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-10-08]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-12-30]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-03-24]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-964893997-1847190727-3478051664-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-11-04] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553571000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1

FireFox:
========
FF ProfilePath: C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default
FF SelectedSearchEngine:
FF Homepage: hxxp://www.portal.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-12] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2014-12-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2013-11-06] ()
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-12-03] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default\user.js [2014-01-16]
FF Extension: anonymoX - C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default\Extensions\client@anonymox.net.xpi [2013-06-25]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-30]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-24]
CHR Extension: (Google Drive) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-24]
CHR Extension: (YouTube) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-24]
CHR Extension: (GeoGebra) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2015-04-08]
CHR Extension: (Google Search) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-24]
CHR Extension: (Logitech SetPoint) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2014-08-24]
CHR Extension: (Bookmark Manager) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-24]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-24]
CHR Extension: (Bitdefender QuickScan) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-12-11]
CHR Extension: (Gmail) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-24]
CHR HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-12-30]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-09-09] (Research In Motion Limited) []
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] ()
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] ()
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe [157696 2013-05-31] (SEIKO EPSON CORPORATION) []
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) []
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [120832 2011-08-04] (HP) []
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) []
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) []
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) []
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-02-13] (Seagate Technology LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [111104 2015-01-15] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R3 eppvad_simple; C:\Windows\system32\drivers\EMP_UDAU.sys [23040 2013-05-31] (SEIKO EPSON CORPORATION)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 14:25 - 2015-05-24 14:25 - 00031619 _____ () C:\Users\eva\Desktop\FRST.txt
2015-05-24 14:24 - 2015-05-24 14:25 - 00000000 ____D () C:\FRST
2015-05-24 14:23 - 2015-05-24 14:23 - 02108416 _____ (Farbar) C:\Users\eva\Desktop\FRST64.exe
2015-05-24 14:21 - 2015-05-24 14:21 - 00000468 _____ () C:\Users\eva\Desktop\defogger_disable.log
2015-05-24 14:21 - 2015-05-24 14:21 - 00000000 _____ () C:\Users\eva\defogger_reenable
2015-05-24 14:19 - 2015-05-24 14:19 - 00050477 _____ () C:\Users\eva\Desktop\Defogger.exe
2015-05-24 13:14 - 2015-05-24 13:15 - 00003342 ____N () C:\Users\eva\Desktop\ShortcutVirusRemover.bat
2015-05-24 13:01 - 2015-05-24 13:25 - 00000094 ____N () C:\Users\eva\Desktop\removevirus.bat
2015-05-24 09:08 - 2015-05-24 09:08 - 00000320 _____ () C:\WINDOWS\SysWOW64\win_hcleaner.ini
2015-05-24 09:07 - 2015-05-24 09:07 - 00706893 ____N () C:\Users\eva\Desktop\HFV.exe
2015-05-24 06:25 - 2015-05-24 06:25 - 00000000 ____D () C:\Users\eva\Desktop\Heuriger 2015
2015-05-23 23:09 - 2015-05-23 23:09 - 00003700 ____N () C:\WINDOWS\System32\Tasks\eva Merge
2015-05-23 23:09 - 2015-05-23 23:09 - 00003684 ____N () C:\WINDOWS\System32\Tasks\eva
2015-05-23 23:06 - 2015-05-23 23:06 - 00000000 ____D () C:\WINDOWS\LastGood
2015-05-22 07:03 - 2015-05-22 07:03 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2015-05-22 07:01 - 2015-05-22 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Projector
2015-05-22 07:01 - 2015-05-22 07:01 - 00000000 ____D () C:\Program Files (x86)\EPSON Projector
2015-05-22 07:01 - 2013-05-31 16:33 - 00023040 ____N (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\Drivers\EMP_UDAU.sys
2015-05-22 06:55 - 2015-05-22 06:55 - 00000000 ____N () C:\WINDOWS\system32\Drivers\Msft_Kernel_ax88772_01011.Wdf
2015-05-18 17:43 - 2015-05-18 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2015-05-18 17:43 - 2015-05-18 17:43 - 00000000 ____D () C:\ProgramData\Macromedia
2015-05-18 17:43 - 2015-05-18 17:43 - 00000000 ____D () C:\Program Files (x86)\Macromedia
2015-05-18 17:41 - 2015-05-18 17:41 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2015-05-18 17:39 - 2015-05-18 17:56 - 00000000 ____D () C:\Users\eva\Desktop\Macromedia 8
2015-05-16 19:05 - 2015-05-16 19:05 - 00000000 ____D () C:\Users\eva\Documents\ASUS
2015-05-16 19:05 - 2015-05-16 19:05 - 00000000 ____D () C:\ProgramData\ASUS
2015-05-09 13:08 - 2015-05-09 13:08 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-05-09 13:08 - 2015-05-09 13:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 14:21 - 2014-01-14 01:48 - 00000000 ____D () C:\Users\eva
2015-05-24 14:12 - 2013-05-28 20:06 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 14:02 - 2012-12-30 13:46 - 00000350 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-05-24 14:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-24 13:01 - 2013-11-14 01:28 - 00863592 ____N () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-24 11:46 - 2012-12-15 19:29 - 00003598 ____N () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-964893997-1847190727-3478051664-1002
2015-05-24 10:57 - 2014-01-14 01:43 - 01553697 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-24 10:16 - 2014-08-26 06:54 - 00136408 ____N (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-24 06:20 - 2013-08-22 08:46 - 00388858 _____ () C:\WINDOWS\setupact.log
2015-05-24 06:19 - 2015-02-10 19:43 - 00000000 ____D () C:\Users\eva\Desktop\div_sticks
2015-05-23 23:08 - 2015-01-16 14:49 - 00003480 ____N () C:\WINDOWS\System32\Tasks\eva DBAgent 2 0
2015-05-23 23:07 - 2015-04-08 18:41 - 00000000 ____D () C:\Users\eva\Google Drive
2015-05-23 23:07 - 2014-01-14 05:26 - 00000000 ___DO () C:\Users\eva\SkyDrive
2015-05-23 23:07 - 2013-05-28 20:06 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-23 23:05 - 2015-04-19 08:47 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-05-23 23:05 - 2015-04-19 08:47 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-05-23 23:05 - 2013-11-14 01:20 - 00236396 _____ () C:\WINDOWS\PFRO.log
2015-05-23 23:05 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-23 23:05 - 2013-08-22 08:44 - 00492528 ____N () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-23 23:04 - 2013-08-22 07:25 - 01048576 _____ () C:\WINDOWS\system32\config\BBI
2015-05-23 20:50 - 2014-08-26 06:54 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-23 20:50 - 2014-08-26 06:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-23 20:50 - 2014-08-26 06:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-23 19:47 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-23 17:10 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-22 06:54 - 2015-04-19 08:45 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-05-21 20:34 - 2012-08-04 19:42 - 03497316 _____ () C:\WINDOWS\AsDebug.log
2015-05-21 20:34 - 2012-08-04 19:42 - 00573596 _____ () C:\WINDOWS\AsCDProc.log
2015-05-21 19:47 - 2013-01-07 21:43 - 00123256 ____N () C:\Users\eva\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-20 18:40 - 2013-05-15 06:40 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-19 15:49 - 2014-04-01 07:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-19 15:47 - 2013-03-31 10:07 - 00152744 ____N (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-19 15:47 - 2013-03-31 10:07 - 00132120 ____N (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-05-18 17:50 - 2012-12-15 20:00 - 00000000 ____D () C:\Users\eva\AppData\Roaming\Macromedia
2015-05-17 20:07 - 2013-05-28 20:06 - 00003894 ____N () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 20:07 - 2013-05-28 20:06 - 00003658 ____N () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 17:32 - 2013-01-09 20:43 - 00000000 ____D () C:\Users\Public\Documents\Personalvertretung
2015-05-16 19:05 - 2012-12-15 19:19 - 00000000 ____D () C:\Users\eva\AppData\Local\ASUS
2015-05-09 13:09 - 2015-04-08 18:39 - 00002060 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00002058 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00002048 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-06 14:07 - 2015-02-02 14:07 - 00000338 _____ () C:\WINDOWS\Tasks\SuperEasyDriverUpdater_UPDATES.job
2015-05-03 19:39 - 2012-12-30 11:25 - 00000000 ____D () C:\Users\eva\AppData\Roaming\HpUpdate

==================== Files in the root of some directories =======

2013-01-02 20:14 - 2013-01-02 20:14 - 0000021 ____N () C:\Users\eva\AppData\Roaming\my_intel.sys
2013-09-06 20:07 - 2014-06-02 11:21 - 0001001 ____N () C:\Users\eva\AppData\Roaming\Rim.Desktop.Exception.log
2013-09-06 20:06 - 2013-09-06 20:06 - 0001092 ____N () C:\Users\eva\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-09-06 20:07 - 2014-06-02 11:21 - 0001001 ____N () C:\Users\eva\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-12-15 19:22 - 2015-04-05 15:20 - 0000401 ____N () C:\Users\eva\AppData\Roaming\sp_data.sys
2014-10-04 23:41 - 2014-10-04 23:41 - 0004634 ____N () C:\Users\eva\AppData\Local\recently-used.xbel
2012-12-30 13:37 - 2014-09-23 20:10 - 0005807 _____ () C:\ProgramData\hpzinstall.log
2014-12-26 10:17 - 2014-10-28 19:52 - 98635776 ____N (Linoma Software) C:\ProgramData\msqcmfnsm.exe
2012-08-04 19:42 - 2012-07-30 00:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 19:42 - 2009-07-22 04:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\msqcmfnsm.exe
C:\ProgramData\SetStretch.exe


Some files in TEMP:
====================
C:\Users\eva\AppData\Local\Temp\5e015ba4-1ce8-44f6-aa10-3710366e46ae.setup.exe
C:\Users\eva\AppData\Local\Temp\avgnt.exe
C:\Users\eva\AppData\Local\Temp\cdo3012836724.dll
C:\Users\eva\AppData\Local\Temp\cdo3469322610.dll
C:\Users\eva\AppData\Local\Temp\cdo3566297938.dll
C:\Users\eva\AppData\Local\Temp\cdo397585490.dll
C:\Users\eva\AppData\Local\Temp\FileSystemView.dll
C:\Users\eva\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\eva\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\eva\AppData\Local\Temp\setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-23 23:56

==================== End of log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by eva at 2015-05-24 14:25:54
Running from C:\Users\eva\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-964893997-1847190727-3478051664-500 - Administrator - Disabled)
eva (S-1-5-21-964893997-1847190727-3478051664-1002 - Administrator - Enabled) => C:\Users\eva
Guest (S-1-5-21-964893997-1847190727-3478051664-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{334147DC-B3C8-4626-A985-4AEA8A36DAB6}) (Version: 8.0.0.41 - Research In Motion Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CoffeeCup Free HTML Editor (HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CoffeeCup Free HTML Editor) (Version:  - )
CoffeeCup Free HTML Editor (HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CoffeeCup Free HTML Editor) (Version:  - )
D110 (x32 Version: 140.0.353.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.62.000 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.30.0 - International GeoGebra Institute)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP LaserJet Professional CP1020 Series (HKLM-x32\...\{F2918DE9-8F79-44c8-85D8-CAD1245B95D3}) (Version:  - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{A5E2418D-B360-419D-AAAD-0D8F2E98FBF6}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPLaserJetHelp_LearnCenter (HKLM-x32\...\{66012C7F-D4FD-4C8D-8FBA-D0A680B1C149}) (Version: 1.02.0000 - Hewlett-Packard)
HPLJUT (x32 Version: 1.00.0012 - HP) Hidden
hppCP1020LaserJetService (x32 Version: 001.008.00477 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version:  - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.365.000 - Hewlett-Packard) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.1902.0 - Seagate)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
SUPER © Version 2010.bld.37 (Jan 2, 2010) (HKLM-x32\...\SUPER ©) (Version: Version 2010.bld.37 (Jan 2, 2010) - eRightSoft)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

04-05-2015 20:11:22 Scheduled Checkpoint
13-05-2015 17:43:42 Scheduled Checkpoint
18-05-2015 17:43:07 Installed Macromedia Dreamweaver 8

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {023417BE-10B3-4661-BD22-B8CF42195E3C} - System32\Tasks\{AB276CEB-C1A2-4370-99E9-903C8E7626F1} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {036BBF42-E7E6-4608-A51C-2BFD0973F31F} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-02-13] (Seagate Technology LLC)
Task: {04D3D92E-0BDE-45CB-9121-030F9E2A28F6} - System32\Tasks\{0E7401C2-FC9C-41EB-8F4D-27299929021B} => pcalua.exe -a C:\Users\eva\AppData\Local\BeamriseUninstall\Bootstrapper{1.4BR2gpTP.100}.exe -c uninstall –slot=1 –bagKey=yikAakHwZJ8U
Task: {11F247F4-96AE-42BC-AC9C-D0EA67929A1C} - System32\Tasks\SuperEasyDriverUpdaterRunAtStartup => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
Task: {18E683ED-5BC5-4276-AB05-6D1EB05A0B5F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1D189FBA-F98A-4916-B000-CCE4E9337DCA} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {23131080-1C79-41EA-8A08-0CDFFDB01746} - System32\Tasks\eva Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-02-13] (Seagate Technology LLC)
Task: {245749BD-F7E4-4E88-9E8F-F8AD903DCEDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.)
Task: {35656B35-E85E-4C6A-9B8D-5EC52D675717} - System32\Tasks\eva => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-02-13] (Seagate Technology LLC)
Task: {42DBDD1E-4E71-4A40-B3E9-EA0FE0E7E87C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5634D503-D8D5-4A9F-8C32-6B892A801A72} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {5AE3412E-FE4F-4321-9757-2564CB7BB64B} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {60F4703E-DEC6-415F-9332-D7F342331CE8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {66ECB3A6-E689-424E-8C2A-A59EAADE18C6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {706EF7A2-97FB-416C-A1DC-4FAB69D9C5CE} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-12-30] ()
Task: {8876534E-C15B-4F96-991D-8D05A6ADDF35} - System32\Tasks\eva DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-02-13] (Seagate Technology LLC)
Task: {8B2368B4-6ABD-4F21-909D-A0996E083497} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.)
Task: {8BCE6D0F-FFC3-4D84-87B2-DB3B19E62F7E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {8FFF57FB-7441-4151-9599-D9BB58C58C95} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {98594AE4-B71D-45C6-9755-4CA12EFD2519} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {9BDDAB86-5729-4122-AE5B-209977814EDD} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {A72EB1D4-0D6B-497D-B8C7-A8C125929275} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {BC3C2220-EDBD-4A5F-814B-F6D3753B57DE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {C41A826B-0CD1-4A6E-A06F-E8CE4A1D08E7} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {CA563CBE-3913-4085-B26B-F7E803503895} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {CDC0FE9F-6CB9-4A2E-B92A-23840B25F391} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {E419F02F-4791-4CFC-8C44-8E3B2236F936} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {E6BD8F1F-8383-4A8D-BF0A-FAE5F031BA8B} - System32\Tasks\SuperEasyDriverUpdater_UPDATES => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\SuperEasyDriverUpdater_UPDATES.job => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe

==================== Loaded Modules (Whitelisted) ==============

2014-01-14 01:43 - 2015-04-08 15:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-12-24 06:53 - 2012-12-24 06:53 - 00129024 ____N () C:\WINDOWS\System32\HPCP1020LM.DLL
2012-08-30 01:35 - 2012-07-30 05:26 - 00029056 ____N () C:\WINDOWS\system32\DptfParticipantProcessorService.exe
2012-08-30 01:35 - 2012-07-30 05:27 - 00030592 ____N () C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-11-04 11:42 - 2012-11-04 11:42 - 00071992 _____ () C:\Program Files\Logitech\SetPointP\WinRTProxy.DLL
2012-08-30 01:33 - 2012-08-15 11:52 - 00094208 ____N () C:\Windows\System32\IccLibDll_x64.dll
2015-05-24 09:07 - 2015-05-24 09:07 - 00706893 ____N () C:\Users\eva\Desktop\HFV.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-08 04:34 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\eva\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\eva\Pictures\2013\Hawaii 0613\DSCN4234.JPG
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\eva\Pictures\2013\Hawaii 0613\DSCN4234.JPG
DNS Servers: 172.20.10.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk"
HKLM\...\StartupApproved\Run: => "ACMON"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "DBAgent"
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Uploader"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D8DAD5D1-1F06-4852-BB73-7B4278961884}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{3EACD543-70F3-4831-8C2A-A380D71DDC7E}] => (Allow) LPort=4482
FirewallRules: [{9D23796F-42F7-4D51-A623-9ADB51FD7F94}] => (Allow) LPort=4482
FirewallRules: [{B50E7D48-D4A5-430C-BAA2-EA6E3548AEEE}] => (Allow) LPort=4481
FirewallRules: [{4EFF1B9B-0D5A-4DA5-9858-15F30BDECB06}] => (Allow) LPort=4481
FirewallRules: [{D1D4F05A-9B5E-4254-A67A-9EDBA99DD92B}] => (Allow) C:\Program Files (x86)\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{B3275FE2-402E-4974-9F15-DF7FBD9392C8}] => (Allow) C:\Program Files (x86)\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{EF2F7E10-DC3E-44DD-AC06-962107218977}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{7FB06B69-0145-457B-8515-95E4D7928483}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{8379195E-12BE-415A-9270-E058B0D1855C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{B160BA9B-350A-4FC2-8466-A11CC0A637C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{4E9632B1-8A9F-47E6-A4B7-022DC04B15B2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{9762F22F-037D-4546-8872-0D88C5F935CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{D1D5CEDE-3A4C-45BA-AD94-52077F44A01D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{33A33B8C-30EF-4177-9261-35E4042FE61E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EE3DB352-4315-4A5C-A829-00F796B30733}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{4331D622-2D3A-4EC7-B751-7331269EEEE8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{57A47C89-72FC-46BD-BFDB-5A8564569EBB}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe
FirewallRules: [{4CD96E01-16D9-4C23-87A8-B670171E6A56}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe
FirewallRules: [{291BA644-B436-4523-AF44-22CB31EC0BAC}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe
FirewallRules: [{5762DD5A-3C03-4DB4-B103-661F078C9601}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe
FirewallRules: [{8065A733-1D14-4A1B-B773-C3DD2B511F97}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3BEFD9F0-1099-47BC-A19D-4199F29A289A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CDF323BF-A11E-4503-A2B8-ED5296601115}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6662D437-18BE-4DCA-96DF-5DAB086DD99A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E2B64105-2A35-44FC-9946-5DEC1FB95B60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{51EF41A7-BAB2-4ACE-80F3-7DDD43199D4E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7A1A014E-F774-4294-8F84-CD9F4E21ACA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CDA3D6A8-9DC3-459D-AB67-F629FA6B2862}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{68685F20-7A9E-455A-9E43-07C7E29E042D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F82D61C3-001D-4360-85AF-AF4AA8FE604B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D2DA6547-A1CB-4607-A8D7-B23ABF94D077}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{14DF9E15-01E9-4FEE-8070-5970F2696559}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{7FDE5B33-7032-495B-B7B5-CDC1706EC7D3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{699861EE-6C4D-40DE-997F-F6C10787E2E0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{953C0655-4803-4F56-BD0E-6C3C913A0C80}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{1A6AED7F-F488-410A-8F4D-FA4A6FDBAC8C}] => (Allow) E:\Installer\hpbcsiInstaller.exe
FirewallRules: [{B361681B-84A6-4C81-9CC7-34AB4833A203}] => (Allow) E:\Installer\hpbcsiInstaller.exe
FirewallRules: [TCP Query User{396CA64A-FEE5-4575-B62D-39F8D5FFBBFF}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{2077040E-1322-4757-AA02-686BCE692B81}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{14E60836-010F-4724-88AD-13634D3F1C52}] => (Allow) LPort=8888
FirewallRules: [{445249C1-BBAC-4BA9-ACFA-3ADF41817C57}] => (Allow) LPort=8888
FirewallRules: [{42CA0C55-D77A-4BFA-9A3F-865326466217}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet CM2320nf MFP
Description: HP Color LaserJet CM2320nf MFP
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HP LaserJet P3010 Series
Description: HP LaserJet P3010 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P3010 Series
Description: HP LaserJet P3010 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P3010 Series
Description: HP LaserJet P3010 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P3010 Series
Description: HP LaserJet P3010 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P3010 Series
Description: HP LaserJet P3010 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P3010 Series
Description: HP LaserJet P3010 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P4014
Description: HP LaserJet P4014
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet CM2320nf MFP
Description: HP Color LaserJet CM2320nf MFP
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P4014
Description: HP LaserJet P4014
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P4014
Description: HP LaserJet P4014
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P3010 Series
Description: HP LaserJet P3010 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P3010 Series
Description: HP LaserJet P3010 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P3010 Series
Description: HP LaserJet P3010 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2015 08:55:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: googledrivesync.exe, version: 1.21.9226.6034, time stamp: 0x509418e4
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb
Exception code: 0xc0000005
Fault offset: 0x00041eee
Faulting process id: 0x1a6c
Faulting application start time: 0xgoogledrivesync.exe0
Faulting application path: googledrivesync.exe1
Faulting module path: googledrivesync.exe2
Report Id: googledrivesync.exe3
Faulting package full name: googledrivesync.exe4
Faulting package-relative application ID: googledrivesync.exe5

Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6500

Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6500

Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 07:51:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.3.9600.17415, time stamp: 0x545045a2
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb
Exception code: 0xc0000005
Fault offset: 0x00027fb3
Faulting process id: 0x1284
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5

Error: (05/24/2015 05:39:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.3.9600.17415, time stamp: 0x545045a2
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb
Exception code: 0xc0000005
Fault offset: 0x00027fb3
Faulting process id: 0x104c
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5

Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3437

Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3437

Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 00:33:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2328


System errors:
=============
Error: (05/24/2015 10:20:15 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ULLI-PC)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-964893997-1847190727-3478051664-1002-1-ntuser.dat

Error: (05/24/2015 10:19:23 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ULLI-PC)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-964893997-1847190727-3478051664-1002-0-ntuser.dat

Error: (05/23/2015 11:04:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (05/23/2015 08:52:20 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ULLI-PC)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-964893997-1847190727-3478051664-1002-1-ntuser.dat

Error: (05/23/2015 08:51:32 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ULLI-PC)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-964893997-1847190727-3478051664-1002-0-ntuser.dat

Error: (05/22/2015 07:01:12 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The EMP_UDSA service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (05/21/2015 09:06:00 PM) (Source: DCOM) (EventID: 10010) (User: ULLI-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/21/2015 09:06:00 PM) (Source: DCOM) (EventID: 10010) (User: ULLI-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/17/2015 08:54:09 PM) (Source: DCOM) (EventID: 10010) (User: ULLI-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/17/2015 08:54:09 PM) (Source: DCOM) (EventID: 10010) (User: ULLI-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office:
=========================
Error: (09/07/2014 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3887 seconds with 3360 seconds of active time.  This session ended with a crash.

Error: (08/06/2014 06:52:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5469 seconds with 2760 seconds of active time.  This session ended with a crash.

Error: (07/02/2014 07:05:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1546 seconds with 1320 seconds of active time.  This session ended with a crash.

Error: (01/27/2014 05:12:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 679 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (08/25/2013 00:34:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 563 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (05/20/2013 04:14:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1123 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (04/19/2013 03:13:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/19/2013 03:12:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2672 seconds with 1200 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 58%
Total physical RAM: 6029.56 MB
Available physical RAM: 2524.17 MB
Total Pagefile: 7181.56 MB
Available Pagefile: 3015.77 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:76.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.45 GB) (Free:258.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4F359092)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 41B54F21)

Partition: GPT Partition Type.

==================== End of log ============================

GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-24 14:43:27
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000052 Hitachi_HTS545050A7E380 rev.GG2OA6C0 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\eva\AppData\Local\Temp\pxldapod.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                          fffff9600010fa00 15 bytes [00, 2E, F4, 01, 80, A0, 6E, ...]
.text  C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 17                                                                    fffff9600010fa11 10 bytes [5E, FC, FF, 00, BB, C7, 00, ...]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation  00007ffde1e33e10 7 bytes JMP 00007ffee01b0260
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW          00007ffde1e33e20 7 bytes JMP 00007ffee01b0298
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW            00007ffde1ee39b0 7 bytes JMP 00007ffee01b0340
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW          00007ffde1ee3ef0 7 bytes JMP 00007ffee01b02d0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA            00007ffde1ee3fe0 7 bytes JMP 00007ffee01b0308
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx  00007ffde1f106c0 7 bytes JMP 00007ffee01b01f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW    00007ffde1f10730 7 bytes JMP 00007ffee01b0228
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance          00007ffde28dd050 7 bytes JMP 00007ffee01b0500
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket          00007ffde290b170 5 bytes JMP 00007ffee01b0538
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation    00007ffde1e33e10 7 bytes JMP 00007ffee01b0260
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW          00007ffde1e33e20 7 bytes JMP 00007ffee01b0298
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW            00007ffde1ee39b0 7 bytes JMP 00007ffee01b0340
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW            00007ffde1ee3ef0 7 bytes JMP 00007ffee01b02d0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA            00007ffde1ee3fe0 7 bytes JMP 00007ffee01b0308
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx    00007ffde1f106c0 7 bytes JMP 00007ffee01b01f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW      00007ffde1f10730 7 bytes JMP 00007ffee01b0228
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary              00007ffde01c21d0 5 bytes JMP 00007ffee01b0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW        00007ffde01c29d0 7 bytes JMP 00007ffee01b00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW      00007ffde01c4310 5 bytes JMP 00007ffee01b0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW          00007ffde01c8d80 5 bytes JMP 00007ffee01b0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW    00007ffde023f0b0 5 bytes JMP 00007ffee01b01b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\USER32.dll!CreateWindowExW              00007ffde2676d90 1 byte JMP 00007ffee01b0420
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2          00007ffde2676d92 8 bytes {JMP 0xfffffffffdb39690}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW          00007ffde26874a0 5 bytes JMP 00007ffee01b03e8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo  00007ffde2687560 9 bytes JMP 00007ffee01b0378
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW    00007ffde2687730 5 bytes JMP 00007ffee01b0458
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA          00007ffde2696b10 5 bytes JMP 00007ffee01b03b0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList      00007ffde1f71500 1 byte JMP 00007ffee01b0490
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2  00007ffde1f71502 6 bytes {JMP 0xfffffffffe23ef90}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo        00007ffde1f71750 8 bytes JMP 00007ffee01b04c8
.text  C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation                          00007ffde1e33e10 7 bytes JMP 00007ffee01b0260
.text  C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW                                00007ffde1e33e20 7 bytes JMP 00007ffee01b0298
.text  C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW                                  00007ffde1ee39b0 7 bytes JMP 00007ffee01b0340
.text  C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW                                  00007ffde1ee3ef0 7 bytes JMP 00007ffee01b02d0
.text  C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA                                  00007ffde1ee3fe0 7 bytes JMP 00007ffee01b0308
.text  C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx                          00007ffde1f106c0 7 bytes JMP 00007ffee01b01f0
.text  C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW                            00007ffde1f10730 7 bytes JMP 00007ffee01b0228

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [732:764]                                                                                  fffff9600099f2d0
Thread  C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [5116:6824]                                              00007ffdd0fc3e0c
Thread  C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [5116:7096]                                              00007ffdcec9f5f8
Thread  C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [5116:5024]                                              00007ffdd0fc3e0c
Thread  C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [5116:7408]                                              00007ffdceb3bc60
Thread  C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [5116:5648]                                              00007ffdd0fc3e0c
Thread  C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [5116:7456]                                              00007ffdcec2cfb8
Thread  C:\WINDOWS\SysWOW64\msiexec.exe [6872:7108]                                                                              000000007e94392e
Thread  C:\WINDOWS\syswow64\wwahost.exe [4780:7384]                                                                              000000005fe250e0
Thread  C:\WINDOWS\syswow64\wwahost.exe [4780:7748]                                                                              00000000747e4ad0
Thread  C:\WINDOWS\syswow64\wwahost.exe [4780:496]                                                                              00000000747e5850

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                    unknown MBR code

---- EOF - GMER 2.1 ----
--- --- ---

M-K-D-B 24.05.2015 23:06
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!









Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcmfnsm.exe <===== ATTENTION
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcmfnsm.exe <===== ATTENTION
C:\ProgramData\msqcmfnsm.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF user.js: detected! => C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default\user.js [2014-01-16]
RemoveProxy:
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.








Schritt 2
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die beiden neuen Logdateien von FRST.

eva_mariee 24.05.2015 23:35
Log-files
 
Hier die gewünschten Files - nach dem 1. Schritt musste ich den PC neu starten und es kam mit dem Logfile noch eine andere Notepad-Meldung - ich werde sie auch posten:

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by eva at 2015-05-24 16:18:18 Run:1
Running from C:\Users\eva\Desktop
Loaded Profiles: eva &  (Available Profiles: eva)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcmfnsm.exe <===== ATTENTION
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcmfnsm.exe <===== ATTENTION
C:\ProgramData\msqcmfnsm.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF user.js: detected! => C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default\user.js [2014-01-16]
RemoveProxy:
EmptyTemp:
end
     
*****************

Processes closed successfully.
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => value restored successfully
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => value restored successfully
Could not move "C:\ProgramData\msqcmfnsm.exe" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default\user.js => Moved successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => Removed 1.8 GB temporary data.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-24 16:21:50)<=

C:\ProgramData\msqcmfnsm.exe => Is moved successfully

==== End of Fixlog 16:21:50 ====
Code:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
Nun die Files von Schritt 2:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by eva (administrator) on ULLI-PC on 24-05-2015 16:26:38
Running from C:\Users\eva\Desktop
Loaded Profiles: eva (Available Profiles: eva)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\System32\DptfPolicyConfigTDPService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2013-09-09] (Research In Motion Limited)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-02-13] (Seagate Technology LLC)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UD.exe [536168 2013-05-31] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [B497FBE558A0E8CF98F7051B1D4699A80CF8D4D0._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-02-13] (Seagate Technology LLC)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\MountPoints2: {9fb8d0ea-fb3a-11e4-bed1-c4850836bb94} - "E:\EMP_UDSe.exe" /autorun
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-08] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175880 2015-04-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [154256 2015-04-08] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-10-08]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-12-30]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-03-24]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-964893997-1847190727-3478051664-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-11-04] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553571000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 216.230.147.90 216.230.128.3

FireFox:
========
FF ProfilePath: C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default
FF SelectedSearchEngine:
FF Homepage: hxxp://www.portal.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-12] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2014-12-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2013-11-06] ()
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-12-03] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: anonymoX - C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default\Extensions\client@anonymox.net.xpi [2013-06-25]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-30]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-24]
CHR Extension: (Google Drive) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-24]
CHR Extension: (YouTube) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-24]
CHR Extension: (GeoGebra) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2015-04-08]
CHR Extension: (Google Search) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-24]
CHR Extension: (Logitech SetPoint) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2014-08-24]
CHR Extension: (Bookmark Manager) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-24]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-24]
CHR Extension: (Bitdefender QuickScan) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-12-11]
CHR Extension: (Gmail) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-24]
CHR HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-12-30]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-09-09] (Research In Motion Limited) []
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] ()
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] ()
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe [157696 2013-05-31] (SEIKO EPSON CORPORATION) []
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) []
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [120832 2011-08-04] (HP) []
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) []
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) []
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) []
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-02-13] (Seagate Technology LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [111104 2015-01-15] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R3 eppvad_simple; C:\Windows\system32\drivers\EMP_UDAU.sys [23040 2013-05-31] (SEIKO EPSON CORPORATION)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 14:43 - 2015-05-24 14:43 - 00009119 _____ () C:\Users\eva\Desktop\Gmer.txt
2015-05-24 14:36 - 2015-05-24 14:36 - 00380416 _____ () C:\Users\eva\Desktop\Gmer-19357.exe
2015-05-24 14:25 - 2015-05-24 16:26 - 00029316 _____ () C:\Users\eva\Desktop\FRST.txt
2015-05-24 14:25 - 2015-05-24 14:26 - 00046604 _____ () C:\Users\eva\Desktop\Addition.txt
2015-05-24 14:24 - 2015-05-24 16:26 - 00000000 ____D () C:\FRST
2015-05-24 14:23 - 2015-05-24 14:23 - 02108416 _____ (Farbar) C:\Users\eva\Desktop\FRST64.exe
2015-05-24 14:21 - 2015-05-24 14:21 - 00000468 _____ () C:\Users\eva\Desktop\defogger_disable.log
2015-05-24 14:21 - 2015-05-24 14:21 - 00000000 _____ () C:\Users\eva\defogger_reenable
2015-05-24 14:19 - 2015-05-24 14:19 - 00050477 _____ () C:\Users\eva\Desktop\Defogger.exe
2015-05-24 13:14 - 2015-05-24 13:15 - 00003342 ____N () C:\Users\eva\Desktop\ShortcutVirusRemover.bat
2015-05-24 13:01 - 2015-05-24 13:25 - 00000094 ____N () C:\Users\eva\Desktop\removevirus.bat
2015-05-24 09:08 - 2015-05-24 09:08 - 00000320 _____ () C:\WINDOWS\SysWOW64\win_hcleaner.ini
2015-05-24 09:07 - 2015-05-24 09:07 - 00706893 ____N () C:\Users\eva\Desktop\HFV.exe
2015-05-23 23:09 - 2015-05-23 23:09 - 00003700 ____N () C:\WINDOWS\System32\Tasks\eva Merge
2015-05-23 23:09 - 2015-05-23 23:09 - 00003684 ____N () C:\WINDOWS\System32\Tasks\eva
2015-05-23 23:06 - 2015-05-23 23:06 - 00000000 ____D () C:\WINDOWS\LastGood
2015-05-22 07:03 - 2015-05-22 07:03 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2015-05-22 07:01 - 2015-05-22 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Projector
2015-05-22 07:01 - 2015-05-22 07:01 - 00000000 ____D () C:\Program Files (x86)\EPSON Projector
2015-05-22 07:01 - 2013-05-31 16:33 - 00023040 ____N (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\Drivers\EMP_UDAU.sys
2015-05-22 06:55 - 2015-05-22 06:55 - 00000000 ____N () C:\WINDOWS\system32\Drivers\Msft_Kernel_ax88772_01011.Wdf
2015-05-18 17:43 - 2015-05-18 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2015-05-18 17:43 - 2015-05-18 17:43 - 00000000 ____D () C:\ProgramData\Macromedia
2015-05-18 17:43 - 2015-05-18 17:43 - 00000000 ____D () C:\Program Files (x86)\Macromedia
2015-05-18 17:41 - 2015-05-18 17:41 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2015-05-18 17:39 - 2015-05-18 17:56 - 00000000 ____D () C:\Users\eva\Desktop\Macromedia 8
2015-05-16 19:05 - 2015-05-16 19:05 - 00000000 ____D () C:\Users\eva\Documents\ASUS
2015-05-16 19:05 - 2015-05-16 19:05 - 00000000 ____D () C:\ProgramData\ASUS
2015-05-09 13:08 - 2015-05-09 13:08 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-05-09 13:08 - 2015-05-09 13:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 16:24 - 2015-04-08 18:41 - 00000000 ___RD () C:\Users\eva\Google Drive
2015-05-24 16:22 - 2014-01-14 05:26 - 00000000 ___DO () C:\Users\eva\SkyDrive
2015-05-24 16:21 - 2013-05-28 20:06 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 16:20 - 2013-08-22 08:46 - 00389089 _____ () C:\WINDOWS\setupact.log
2015-05-24 16:19 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-24 16:19 - 2013-08-22 07:25 - 01048576 _____ () C:\WINDOWS\system32\config\BBI
2015-05-24 16:12 - 2013-05-28 20:06 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 16:02 - 2012-12-30 13:46 - 00000350 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-05-24 16:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-24 15:58 - 2014-01-14 01:43 - 01606609 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-24 15:37 - 2013-11-14 01:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-24 15:13 - 2013-02-27 17:18 - 00000000 ____D () C:\Users\eva\AppData\Local\Paint.NET
2015-05-24 15:11 - 2015-02-10 19:43 - 00000000 ____D () C:\Users\eva\Desktop\div_sticks
2015-05-24 14:21 - 2014-01-14 01:48 - 00000000 ____D () C:\Users\eva
2015-05-24 11:46 - 2012-12-15 19:29 - 00003598 ____N () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-964893997-1847190727-3478051664-1002
2015-05-24 10:16 - 2014-08-26 06:54 - 00136408 ____N (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 23:08 - 2015-01-16 14:49 - 00003480 ____N () C:\WINDOWS\System32\Tasks\eva DBAgent 2 0
2015-05-23 23:05 - 2015-04-19 08:47 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-05-23 23:05 - 2015-04-19 08:47 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-05-23 23:05 - 2013-11-14 01:20 - 00236396 _____ () C:\WINDOWS\PFRO.log
2015-05-23 23:05 - 2013-08-22 08:44 - 00492528 ____N () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-23 20:50 - 2014-08-26 06:54 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-23 20:50 - 2014-08-26 06:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-23 20:50 - 2014-08-26 06:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-23 19:47 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-23 17:10 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-22 06:54 - 2015-04-19 08:45 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-05-21 20:34 - 2012-08-04 19:42 - 03497316 _____ () C:\WINDOWS\AsDebug.log
2015-05-21 20:34 - 2012-08-04 19:42 - 00573596 _____ () C:\WINDOWS\AsCDProc.log
2015-05-21 19:47 - 2013-01-07 21:43 - 00123256 ____N () C:\Users\eva\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-20 18:40 - 2013-05-15 06:40 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-19 15:49 - 2014-04-01 07:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-19 15:47 - 2013-03-31 10:07 - 00152744 ____N (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-19 15:47 - 2013-03-31 10:07 - 00132120 ____N (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-05-18 17:50 - 2012-12-15 20:00 - 00000000 ____D () C:\Users\eva\AppData\Roaming\Macromedia
2015-05-17 20:07 - 2013-05-28 20:06 - 00003894 ____N () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 20:07 - 2013-05-28 20:06 - 00003658 ____N () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 17:32 - 2013-01-09 20:43 - 00000000 ____D () C:\Users\Public\Documents\Personalvertretung
2015-05-16 19:05 - 2012-12-15 19:19 - 00000000 ____D () C:\Users\eva\AppData\Local\ASUS
2015-05-09 13:09 - 2015-04-08 18:39 - 00002060 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00002058 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00002048 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-06 14:07 - 2015-02-02 14:07 - 00000338 _____ () C:\WINDOWS\Tasks\SuperEasyDriverUpdater_UPDATES.job
2015-05-03 19:39 - 2012-12-30 11:25 - 00000000 ____D () C:\Users\eva\AppData\Roaming\HpUpdate

==================== Files in the root of some directories =======

2013-01-02 20:14 - 2013-01-02 20:14 - 0000021 ____N () C:\Users\eva\AppData\Roaming\my_intel.sys
2013-09-06 20:07 - 2014-06-02 11:21 - 0001001 ____N () C:\Users\eva\AppData\Roaming\Rim.Desktop.Exception.log
2013-09-06 20:06 - 2013-09-06 20:06 - 0001092 ____N () C:\Users\eva\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-09-06 20:07 - 2014-06-02 11:21 - 0001001 ____N () C:\Users\eva\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-12-15 19:22 - 2015-04-05 15:20 - 0000401 ____N () C:\Users\eva\AppData\Roaming\sp_data.sys
2014-10-04 23:41 - 2014-10-04 23:41 - 0004634 ____N () C:\Users\eva\AppData\Local\recently-used.xbel
2012-12-30 13:37 - 2014-09-23 20:10 - 0005807 _____ () C:\ProgramData\hpzinstall.log
2012-08-04 19:42 - 2012-07-30 00:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 19:42 - 2009-07-22 04:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some files in TEMP:
====================
C:\Users\eva\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-23 23:56

==================== End of log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by eva at 2015-05-24 16:27:17
Running from C:\Users\eva\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-964893997-1847190727-3478051664-500 - Administrator - Disabled)
eva (S-1-5-21-964893997-1847190727-3478051664-1002 - Administrator - Enabled) => C:\Users\eva
Guest (S-1-5-21-964893997-1847190727-3478051664-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{334147DC-B3C8-4626-A985-4AEA8A36DAB6}) (Version: 8.0.0.41 - Research In Motion Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CoffeeCup Free HTML Editor (HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CoffeeCup Free HTML Editor) (Version:  - )
D110 (x32 Version: 140.0.353.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.62.000 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.30.0 - International GeoGebra Institute)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP LaserJet Professional CP1020 Series (HKLM-x32\...\{F2918DE9-8F79-44c8-85D8-CAD1245B95D3}) (Version:  - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{A5E2418D-B360-419D-AAAD-0D8F2E98FBF6}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPLaserJetHelp_LearnCenter (HKLM-x32\...\{66012C7F-D4FD-4C8D-8FBA-D0A680B1C149}) (Version: 1.02.0000 - Hewlett-Packard)
HPLJUT (x32 Version: 1.00.0012 - HP) Hidden
hppCP1020LaserJetService (x32 Version: 001.008.00477 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version:  - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.365.000 - Hewlett-Packard) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.1902.0 - Seagate)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
SUPER © Version 2010.bld.37 (Jan 2, 2010) (HKLM-x32\...\SUPER ©) (Version: Version 2010.bld.37 (Jan 2, 2010) - eRightSoft)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

04-05-2015 20:11:22 Scheduled Checkpoint
13-05-2015 17:43:42 Scheduled Checkpoint
18-05-2015 17:43:07 Installed Macromedia Dreamweaver 8

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {023417BE-10B3-4661-BD22-B8CF42195E3C} - System32\Tasks\{AB276CEB-C1A2-4370-99E9-903C8E7626F1} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {036BBF42-E7E6-4608-A51C-2BFD0973F31F} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-02-13] (Seagate Technology LLC)
Task: {04D3D92E-0BDE-45CB-9121-030F9E2A28F6} - System32\Tasks\{0E7401C2-FC9C-41EB-8F4D-27299929021B} => pcalua.exe -a C:\Users\eva\AppData\Local\BeamriseUninstall\Bootstrapper{1.4BR2gpTP.100}.exe -c uninstall –slot=1 –bagKey=yikAakHwZJ8U
Task: {11F247F4-96AE-42BC-AC9C-D0EA67929A1C} - System32\Tasks\SuperEasyDriverUpdaterRunAtStartup => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
Task: {18E683ED-5BC5-4276-AB05-6D1EB05A0B5F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1D189FBA-F98A-4916-B000-CCE4E9337DCA} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {23131080-1C79-41EA-8A08-0CDFFDB01746} - System32\Tasks\eva Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-02-13] (Seagate Technology LLC)
Task: {245749BD-F7E4-4E88-9E8F-F8AD903DCEDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.)
Task: {35656B35-E85E-4C6A-9B8D-5EC52D675717} - System32\Tasks\eva => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-02-13] (Seagate Technology LLC)
Task: {42DBDD1E-4E71-4A40-B3E9-EA0FE0E7E87C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5634D503-D8D5-4A9F-8C32-6B892A801A72} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {5AE3412E-FE4F-4321-9757-2564CB7BB64B} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {60F4703E-DEC6-415F-9332-D7F342331CE8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {66ECB3A6-E689-424E-8C2A-A59EAADE18C6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {706EF7A2-97FB-416C-A1DC-4FAB69D9C5CE} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-12-30] ()
Task: {8876534E-C15B-4F96-991D-8D05A6ADDF35} - System32\Tasks\eva DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-02-13] (Seagate Technology LLC)
Task: {8B2368B4-6ABD-4F21-909D-A0996E083497} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.)
Task: {8BCE6D0F-FFC3-4D84-87B2-DB3B19E62F7E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {8FFF57FB-7441-4151-9599-D9BB58C58C95} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {98594AE4-B71D-45C6-9755-4CA12EFD2519} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {9BDDAB86-5729-4122-AE5B-209977814EDD} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {A72EB1D4-0D6B-497D-B8C7-A8C125929275} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {BC3C2220-EDBD-4A5F-814B-F6D3753B57DE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {C41A826B-0CD1-4A6E-A06F-E8CE4A1D08E7} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {CA563CBE-3913-4085-B26B-F7E803503895} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {CDC0FE9F-6CB9-4A2E-B92A-23840B25F391} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {E419F02F-4791-4CFC-8C44-8E3B2236F936} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {E6BD8F1F-8383-4A8D-BF0A-FAE5F031BA8B} - System32\Tasks\SuperEasyDriverUpdater_UPDATES => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\SuperEasyDriverUpdater_UPDATES.job => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe

==================== Loaded Modules (Whitelisted) ==============

2014-01-14 01:43 - 2015-04-08 15:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-12-24 06:53 - 2012-12-24 06:53 - 00129024 ____N () C:\WINDOWS\System32\HPCP1020LM.DLL
2012-08-30 01:35 - 2012-07-30 05:26 - 00029056 ____N () C:\WINDOWS\system32\DptfParticipantProcessorService.exe
2012-08-30 01:35 - 2012-07-30 05:27 - 00030592 ____N () C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-11-04 11:42 - 2012-11-04 11:42 - 00071992 _____ () C:\Program Files\Logitech\SetPointP\WinRTProxy.DLL
2012-08-30 01:33 - 2012-08-15 11:52 - 00094208 ____N () C:\Windows\System32\IccLibDll_x64.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-24 16:22 - 2015-05-24 16:22 - 00098816 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32api.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00110080 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\pywintypes27.dll
2015-05-24 16:22 - 2015-05-24 16:22 - 00364544 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\pythoncom27.dll
2015-05-24 16:22 - 2015-05-24 16:22 - 00045568 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\_socket.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 01161216 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\_ssl.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00320512 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32com.shell.shell.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00713216 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\_hashlib.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 01175040 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\wx._core_.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00805888 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\wx._gdi_.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00811008 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\wx._windows_.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 01062400 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\wx._controls_.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00735232 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\wx._misc_.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00682496 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\pysqlite2._sqlite.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00128512 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\_elementtree.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00127488 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\pyexpat.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00087552 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\_ctypes.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00119808 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32file.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00108544 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32security.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00007168 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\hashobjs_ext.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00017408 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\usb_ext.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00167936 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32gui.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00018432 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32event.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00013824 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\common.time34.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00036864 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\_psutil_windows.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00038912 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32inet.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00011264 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32crypt.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00070656 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\wx._html2.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00027136 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\_multiprocessing.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00020480 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\_yappi.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00035840 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32process.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00686080 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\unicodedata.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00122368 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\wx._wizard.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00024064 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32pipe.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00010240 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\select.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00025600 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32pdh.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00525640 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\windows._lib_cacheinvalidation.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00017408 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32profile.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00022528 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32ts.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00078336 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\wx._animate.pyd
2012-10-08 04:34 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\eva\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\eva\Pictures\2013\Hawaii 0613\DSCN4234.JPG
DNS Servers: 216.230.147.90 - 216.230.128.3

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk"
HKLM\...\StartupApproved\Run: => "ACMON"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "DBAgent"
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\StartupApproved\Run: => "Uploader"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D8DAD5D1-1F06-4852-BB73-7B4278961884}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{3EACD543-70F3-4831-8C2A-A380D71DDC7E}] => (Allow) LPort=4482
FirewallRules: [{9D23796F-42F7-4D51-A623-9ADB51FD7F94}] => (Allow) LPort=4482
FirewallRules: [{B50E7D48-D4A5-430C-BAA2-EA6E3548AEEE}] => (Allow) LPort=4481
FirewallRules: [{4EFF1B9B-0D5A-4DA5-9858-15F30BDECB06}] => (Allow) LPort=4481
FirewallRules: [{D1D4F05A-9B5E-4254-A67A-9EDBA99DD92B}] => (Allow) C:\Program Files (x86)\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{B3275FE2-402E-4974-9F15-DF7FBD9392C8}] => (Allow) C:\Program Files (x86)\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{EF2F7E10-DC3E-44DD-AC06-962107218977}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{7FB06B69-0145-457B-8515-95E4D7928483}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{8379195E-12BE-415A-9270-E058B0D1855C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{B160BA9B-350A-4FC2-8466-A11CC0A637C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{4E9632B1-8A9F-47E6-A4B7-022DC04B15B2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{9762F22F-037D-4546-8872-0D88C5F935CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{D1D5CEDE-3A4C-45BA-AD94-52077F44A01D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{33A33B8C-30EF-4177-9261-35E4042FE61E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EE3DB352-4315-4A5C-A829-00F796B30733}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{4331D622-2D3A-4EC7-B751-7331269EEEE8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{57A47C89-72FC-46BD-BFDB-5A8564569EBB}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe
FirewallRules: [{4CD96E01-16D9-4C23-87A8-B670171E6A56}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe
FirewallRules: [{291BA644-B436-4523-AF44-22CB31EC0BAC}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe
FirewallRules: [{5762DD5A-3C03-4DB4-B103-661F078C9601}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe
FirewallRules: [{8065A733-1D14-4A1B-B773-C3DD2B511F97}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3BEFD9F0-1099-47BC-A19D-4199F29A289A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CDF323BF-A11E-4503-A2B8-ED5296601115}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6662D437-18BE-4DCA-96DF-5DAB086DD99A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E2B64105-2A35-44FC-9946-5DEC1FB95B60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{51EF41A7-BAB2-4ACE-80F3-7DDD43199D4E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7A1A014E-F774-4294-8F84-CD9F4E21ACA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CDA3D6A8-9DC3-459D-AB67-F629FA6B2862}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{68685F20-7A9E-455A-9E43-07C7E29E042D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F82D61C3-001D-4360-85AF-AF4AA8FE604B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D2DA6547-A1CB-4607-A8D7-B23ABF94D077}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{14DF9E15-01E9-4FEE-8070-5970F2696559}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{7FDE5B33-7032-495B-B7B5-CDC1706EC7D3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{699861EE-6C4D-40DE-997F-F6C10787E2E0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{953C0655-4803-4F56-BD0E-6C3C913A0C80}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{1A6AED7F-F488-410A-8F4D-FA4A6FDBAC8C}] => (Allow) E:\Installer\hpbcsiInstaller.exe
FirewallRules: [{B361681B-84A6-4C81-9CC7-34AB4833A203}] => (Allow) E:\Installer\hpbcsiInstaller.exe
FirewallRules: [TCP Query User{396CA64A-FEE5-4575-B62D-39F8D5FFBBFF}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{2077040E-1322-4757-AA02-686BCE692B81}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{14E60836-010F-4724-88AD-13634D3F1C52}] => (Allow) LPort=8888
FirewallRules: [{445249C1-BBAC-4BA9-ACFA-3ADF41817C57}] => (Allow) LPort=8888
FirewallRules: [{42CA0C55-D77A-4BFA-9A3F-865326466217}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet CM2320nf MFP
Description: HP Color LaserJet CM2320nf MFP
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2015 08:55:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: googledrivesync.exe, version: 1.21.9226.6034, time stamp: 0x509418e4
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb
Exception code: 0xc0000005
Fault offset: 0x00041eee
Faulting process id: 0x1a6c
Faulting application start time: 0xgoogledrivesync.exe0
Faulting application path: googledrivesync.exe1
Faulting module path: googledrivesync.exe2
Report Id: googledrivesync.exe3
Faulting package full name: googledrivesync.exe4
Faulting package-relative application ID: googledrivesync.exe5

Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6500

Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6500

Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 07:51:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.3.9600.17415, time stamp: 0x545045a2
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb
Exception code: 0xc0000005
Fault offset: 0x00027fb3
Faulting process id: 0x1284
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5

Error: (05/24/2015 05:39:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.3.9600.17415, time stamp: 0x545045a2
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb
Exception code: 0xc0000005
Fault offset: 0x00027fb3
Faulting process id: 0x104c
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5

Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3437

Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3437

Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 00:33:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2328


System errors:
=============
Error: (05/24/2015 04:18:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (05/24/2015 04:18:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (05/24/2015 04:18:54 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (05/24/2015 04:18:53 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (05/24/2015 04:18:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Seagate MobileBackup Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/24/2015 04:18:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/24/2015 04:18:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/24/2015 04:18:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlackBerry Device Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/24/2015 04:18:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/24/2015 04:18:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================
Error: (09/07/2014 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3887 seconds with 3360 seconds of active time.  This session ended with a crash.

Error: (08/06/2014 06:52:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5469 seconds with 2760 seconds of active time.  This session ended with a crash.

Error: (07/02/2014 07:05:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1546 seconds with 1320 seconds of active time.  This session ended with a crash.

Error: (01/27/2014 05:12:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 679 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (08/25/2013 00:34:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 563 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (05/20/2013 04:14:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1123 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (04/19/2013 03:13:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/19/2013 03:12:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2672 seconds with 1200 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 49%
Total physical RAM: 6029.56 MB
Available physical RAM: 3061.96 MB
Total Pagefile: 7181.56 MB
Available Pagefile: 3878.09 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:78.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.45 GB) (Free:258.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4F359092)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 41B54F21)

Partition: GPT Partition Type.

==================== End of log ============================

Ich hoffe, ich konnte die Schritte wie gewünscht umsetzten - und danke für die rasche Antwort!

M-K-D-B 24.05.2015 23:37
Servus,


werden Ordner immer noch als Shortcut angezeigt?



Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von JRT,
  • die beiden neuen Logdateien von FRST.

eva_mariee 25.05.2015 00:55
Hallo,

ja, die Ordner werden immer noch so wie im untenstehenden Fotolink dargestellt:

https://plus.google.com/photos/115128392581057048821/albums/6152550836645109201

Nach einem der scans hat sich auch wieder avira antivirus selbst eingeschalten.

Hier die Logs:

Schritt 1:

AdwCleaner Logfile:
Code:
# AdwCleaner v4.205 - Logfile created 24/05/2015 at 16:52:23
# Updated 21/05/2015 by Xplode
# Database : 2015-05-24.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : eva - ULLI-PC
# Running from : C:\Users\eva\Desktop\AdwCleaner_4.205.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : DptfParticipantProcessorService
[#] Service Deleted : DptfPolicyConfigTDPService

***** [ Files / Folders ] *****

Folder Deleted : C:\rei
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Users\eva\AppData\Local\Beamrise
Folder Deleted : C:\Users\eva\AppData\Local\BeamriseUninstall
Folder Deleted : C:\Users\eva\AppData\Local\cool_mirage
Folder Deleted : C:\Users\eva\AppData\Local\genienext
Folder Deleted : C:\Users\eva\AppData\Local\Mobogenie
Folder Deleted : C:\Users\eva\AppData\LocalLow\Delta
Folder Deleted : C:\Users\eva\AppData\LocalLow\IminentToolbar
Folder Deleted : C:\Users\eva\AppData\Roaming\Babylon
Folder Deleted : C:\Users\eva\AppData\Roaming\SuperEasy Software
Folder Deleted : C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd
File Deleted : C:\END
File Deleted : C:\WINDOWS\Reimage.ini
File Deleted : C:\WINDOWS\System32\DptfParticipantProcessorService.exe
File Deleted : C:\WINDOWS\System32\DptfPolicyConfigTDPService.exe
File Deleted : C:\Users\eva\daemonprocess.txt
File Deleted : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default\invalidprefs.js

***** [ Scheduled tasks ] *****

Task Deleted : SuperEasyDriverUpdater_UPDATES

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\5b55d888e769b845
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\SuperEasy Software
Key Deleted : HKCU\Software\Appscion
Key Deleted : HKLM\SOFTWARE\SuperEasy Software
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\en.softonic.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.softonic.de

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 de)

[4qvbq2lp.default\prefs.js] - Line Deleted : user_pref("iminent.enabledAds", "false");

-\\ Google Chrome v43.0.2357.65


*************************

AdwCleaner[R0].txt - [12090 bytes] - [24/05/2015 16:50:27]
AdwCleaner[S0].txt - [11886 bytes] - [24/05/2015 16:52:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11946  bytes] ##########

Schritt 2:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 24-May-15
Suchlauf-Zeit: 4:59:52 PM
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.24.03
Rootkit Datenbank: v2015.05.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: eva

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 380624
Verstrichene Zeit: 26 Min, 42 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
Schritt 3:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.9 (05.24.2015:1)
OS: Windows 8.1 x64
Ran by eva on 24-May-15 at 17:33:30.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-964893997-1847190727-3478051664-1002
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\SuperEasyDriverUpdaterRunAtStartup



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24-May-15 at 17:35:52.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und Schritt 4:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by eva (administrator) on ULLI-PC on 24-05-2015 17:37:09
Running from C:\Users\eva\Desktop
Loaded Profiles: eva &  (Available Profiles: eva)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2013-09-09] (Research In Motion Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-02-13] (Seagate Technology LLC)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UD.exe [536168 2013-05-31] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [B497FBE558A0E8CF98F7051B1D4699A80CF8D4D0._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-02-13] (Seagate Technology LLC)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\MountPoints2: {9fb8d0ea-fb3a-11e4-bed1-c4850836bb94} - "E:\EMP_UDSe.exe" /autorun
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [B497FBE558A0E8CF98F7051B1D4699A80CF8D4D0._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-02-13] (Seagate Technology LLC)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9fb8d0ea-fb3a-11e4-bed1-c4850836bb94} - "E:\EMP_UDSe.exe" /autorun
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-08] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175880 2015-04-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [154256 2015-04-08] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-10-08]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-12-30]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-03-24]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-11-04] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553571000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 216.230.147.90 216.230.128.3

FireFox:
========
FF ProfilePath: C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default
FF SelectedSearchEngine:
FF Homepage: hxxp://www.portal.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-12] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2014-12-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2013-11-06] ()
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-12-03] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: anonymoX - C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default\Extensions\client@anonymox.net.xpi [2013-06-25]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-30]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-24]
CHR Extension: (Google Drive) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-24]
CHR Extension: (YouTube) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-24]
CHR Extension: (GeoGebra) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2015-04-08]
CHR Extension: (Google Search) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-24]
CHR Extension: (Bookmark Manager) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-24]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-24]
CHR Extension: (Bitdefender QuickScan) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-12-11]
CHR Extension: (Gmail) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-24]
CHR HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-19] (Avira Operations GmbH & Co. KG)
S2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-09-09] (Research In Motion Limited) []
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe [157696 2013-05-31] (SEIKO EPSON CORPORATION) []
S2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) []
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [120832 2011-08-04] (HP) []
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) []
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
S2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) []
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) []
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC)
S2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-02-13] (Seagate Technology LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [111104 2015-01-15] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R3 eppvad_simple; C:\Windows\system32\drivers\EMP_UDAU.sys [23040 2013-05-31] (SEIKO EPSON CORPORATION)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 17:35 - 2015-05-24 17:35 - 00000812 _____ () C:\Users\eva\Desktop\JRT.txt
2015-05-24 17:33 - 2015-05-24 17:33 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-ULLI-PC-Windows-8.1-(64-bit).dat
2015-05-24 17:33 - 2015-05-24 17:33 - 00000000 ____D () C:\RegBackup
2015-05-24 17:32 - 2015-05-24 17:32 - 00001197 _____ () C:\Users\eva\Desktop\mbam.txt
2015-05-24 16:49 - 2015-05-24 16:52 - 00000000 ____D () C:\AdwCleaner
2015-05-24 16:46 - 2015-05-24 16:47 - 02945770 _____ (Thisisu) C:\Users\eva\Desktop\JRT.exe
2015-05-24 16:40 - 2015-05-24 16:41 - 02222592 _____ () C:\Users\eva\Desktop\AdwCleaner_4.205.exe
2015-05-24 14:43 - 2015-05-24 14:43 - 00009119 _____ () C:\Users\eva\Desktop\Gmer.txt
2015-05-24 14:36 - 2015-05-24 14:36 - 00380416 _____ () C:\Users\eva\Desktop\Gmer-19357.exe
2015-05-24 14:25 - 2015-05-24 17:37 - 00025605 _____ () C:\Users\eva\Desktop\FRST.txt
2015-05-24 14:25 - 2015-05-24 16:27 - 00045522 _____ () C:\Users\eva\Desktop\Addition.txt
2015-05-24 14:24 - 2015-05-24 17:37 - 00000000 ____D () C:\FRST
2015-05-24 14:23 - 2015-05-24 14:23 - 02108416 _____ (Farbar) C:\Users\eva\Desktop\FRST64.exe
2015-05-24 14:21 - 2015-05-24 14:21 - 00000468 _____ () C:\Users\eva\Desktop\defogger_disable.log
2015-05-24 14:21 - 2015-05-24 14:21 - 00000000 _____ () C:\Users\eva\defogger_reenable
2015-05-24 14:19 - 2015-05-24 14:19 - 00050477 _____ () C:\Users\eva\Desktop\Defogger.exe
2015-05-24 13:14 - 2015-05-24 13:15 - 00003342 ____N () C:\Users\eva\Desktop\ShortcutVirusRemover.bat
2015-05-24 13:01 - 2015-05-24 13:25 - 00000094 ____N () C:\Users\eva\Desktop\removevirus.bat
2015-05-24 09:08 - 2015-05-24 09:08 - 00000320 _____ () C:\WINDOWS\SysWOW64\win_hcleaner.ini
2015-05-24 09:07 - 2015-05-24 09:07 - 00706893 ____N () C:\Users\eva\Desktop\HFV.exe
2015-05-23 23:09 - 2015-05-23 23:09 - 00003700 ____N () C:\WINDOWS\System32\Tasks\eva Merge
2015-05-23 23:09 - 2015-05-23 23:09 - 00003684 ____N () C:\WINDOWS\System32\Tasks\eva
2015-05-23 23:06 - 2015-05-23 23:06 - 00000000 ____D () C:\WINDOWS\LastGood
2015-05-22 07:03 - 2015-05-22 07:03 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2015-05-22 07:01 - 2015-05-22 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Projector
2015-05-22 07:01 - 2015-05-22 07:01 - 00000000 ____D () C:\Program Files (x86)\EPSON Projector
2015-05-22 07:01 - 2013-05-31 16:33 - 00023040 ____N (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\Drivers\EMP_UDAU.sys
2015-05-22 06:55 - 2015-05-22 06:55 - 00000000 ____N () C:\WINDOWS\system32\Drivers\Msft_Kernel_ax88772_01011.Wdf
2015-05-18 17:43 - 2015-05-18 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2015-05-18 17:43 - 2015-05-18 17:43 - 00000000 ____D () C:\ProgramData\Macromedia
2015-05-18 17:43 - 2015-05-18 17:43 - 00000000 ____D () C:\Program Files (x86)\Macromedia
2015-05-18 17:41 - 2015-05-18 17:41 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2015-05-18 17:39 - 2015-05-18 17:56 - 00000000 ____D () C:\Users\eva\Desktop\Macromedia 8
2015-05-16 19:05 - 2015-05-16 19:05 - 00000000 ____D () C:\Users\eva\Documents\ASUS
2015-05-16 19:05 - 2015-05-16 19:05 - 00000000 ____D () C:\ProgramData\ASUS
2015-05-09 13:08 - 2015-05-09 13:08 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-05-09 13:08 - 2015-05-09 13:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 17:12 - 2013-05-28 20:06 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 17:02 - 2012-12-30 13:46 - 00000350 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-05-24 17:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-24 16:59 - 2014-08-26 06:54 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-24 16:57 - 2014-08-26 06:54 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-24 16:57 - 2014-08-26 06:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-24 16:57 - 2014-08-26 06:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-24 16:56 - 2015-04-08 18:41 - 00000000 ___RD () C:\Users\eva\Google Drive
2015-05-24 16:56 - 2014-01-14 05:26 - 00000000 ___DO () C:\Users\eva\SkyDrive
2015-05-24 16:54 - 2013-08-22 08:46 - 00389320 _____ () C:\WINDOWS\setupact.log
2015-05-24 16:54 - 2013-05-28 20:06 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 16:53 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-24 16:53 - 2013-08-22 07:25 - 01048576 _____ () C:\WINDOWS\system32\config\BBI
2015-05-24 16:52 - 2014-01-14 01:48 - 00000000 ____D () C:\Users\eva
2015-05-24 16:39 - 2014-01-14 01:43 - 01637023 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-24 15:37 - 2013-11-14 01:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-24 15:13 - 2013-02-27 17:18 - 00000000 ____D () C:\Users\eva\AppData\Local\Paint.NET
2015-05-24 15:11 - 2015-02-10 19:43 - 00000000 ____D () C:\Users\eva\Desktop\div_sticks
2015-05-23 23:08 - 2015-01-16 14:49 - 00003480 ____N () C:\WINDOWS\System32\Tasks\eva DBAgent 2 0
2015-05-23 23:05 - 2015-04-19 08:47 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-05-23 23:05 - 2015-04-19 08:47 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-05-23 23:05 - 2013-11-14 01:20 - 00236396 _____ () C:\WINDOWS\PFRO.log
2015-05-23 23:05 - 2013-08-22 08:44 - 00492528 ____N () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-23 19:47 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-23 17:10 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-22 06:54 - 2015-04-19 08:45 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-05-21 20:34 - 2012-08-04 19:42 - 03497316 _____ () C:\WINDOWS\AsDebug.log
2015-05-21 20:34 - 2012-08-04 19:42 - 00573596 _____ () C:\WINDOWS\AsCDProc.log
2015-05-21 19:47 - 2013-01-07 21:43 - 00123256 ____N () C:\Users\eva\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-20 18:40 - 2013-05-15 06:40 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-19 15:49 - 2014-04-01 07:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-19 15:47 - 2013-03-31 10:07 - 00152744 ____N (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-19 15:47 - 2013-03-31 10:07 - 00132120 ____N (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-05-18 17:50 - 2012-12-15 20:00 - 00000000 ____D () C:\Users\eva\AppData\Roaming\Macromedia
2015-05-17 20:07 - 2013-05-28 20:06 - 00003894 ____N () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 20:07 - 2013-05-28 20:06 - 00003658 ____N () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 17:32 - 2013-01-09 20:43 - 00000000 ____D () C:\Users\Public\Documents\Personalvertretung
2015-05-16 19:05 - 2012-12-15 19:19 - 00000000 ____D () C:\Users\eva\AppData\Local\ASUS
2015-05-09 13:09 - 2015-04-08 18:39 - 00002060 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00002058 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00002048 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-03 19:39 - 2012-12-30 11:25 - 00000000 ____D () C:\Users\eva\AppData\Roaming\HpUpdate

==================== Files in the root of some directories =======

2013-01-02 20:14 - 2013-01-02 20:14 - 0000021 ____N () C:\Users\eva\AppData\Roaming\my_intel.sys
2013-09-06 20:07 - 2014-06-02 11:21 - 0001001 ____N () C:\Users\eva\AppData\Roaming\Rim.Desktop.Exception.log
2013-09-06 20:06 - 2013-09-06 20:06 - 0001092 ____N () C:\Users\eva\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-09-06 20:07 - 2014-06-02 11:21 - 0001001 ____N () C:\Users\eva\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-12-15 19:22 - 2015-04-05 15:20 - 0000401 ____N () C:\Users\eva\AppData\Roaming\sp_data.sys
2014-10-04 23:41 - 2014-10-04 23:41 - 0004634 ____N () C:\Users\eva\AppData\Local\recently-used.xbel
2012-12-30 13:37 - 2014-09-23 20:10 - 0005807 _____ () C:\ProgramData\hpzinstall.log
2012-08-04 19:42 - 2012-07-30 00:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 19:42 - 2009-07-22 04:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some files in TEMP:
====================
C:\Users\eva\AppData\Local\Temp\avgnt.exe
C:\Users\eva\AppData\Local\Temp\Quarantine.exe
C:\Users\eva\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-23 23:56

==================== End of log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by eva at 2015-05-24 17:37:44
Running from C:\Users\eva\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-964893997-1847190727-3478051664-500 - Administrator - Disabled)
eva (S-1-5-21-964893997-1847190727-3478051664-1002 - Administrator - Enabled) => C:\Users\eva
Guest (S-1-5-21-964893997-1847190727-3478051664-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{334147DC-B3C8-4626-A985-4AEA8A36DAB6}) (Version: 8.0.0.41 - Research In Motion Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CoffeeCup Free HTML Editor (HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CoffeeCup Free HTML Editor) (Version:  - )
CoffeeCup Free HTML Editor (HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CoffeeCup Free HTML Editor) (Version:  - )
D110 (x32 Version: 140.0.353.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.62.000 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.30.0 - International GeoGebra Institute)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP LaserJet Professional CP1020 Series (HKLM-x32\...\{F2918DE9-8F79-44c8-85D8-CAD1245B95D3}) (Version:  - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{A5E2418D-B360-419D-AAAD-0D8F2E98FBF6}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPLaserJetHelp_LearnCenter (HKLM-x32\...\{66012C7F-D4FD-4C8D-8FBA-D0A680B1C149}) (Version: 1.02.0000 - Hewlett-Packard)
HPLJUT (x32 Version: 1.00.0012 - HP) Hidden
hppCP1020LaserJetService (x32 Version: 001.008.00477 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version:  - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.365.000 - Hewlett-Packard) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.1902.0 - Seagate)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
SUPER © Version 2010.bld.37 (Jan 2, 2010) (HKLM-x32\...\SUPER ©) (Version: Version 2010.bld.37 (Jan 2, 2010) - eRightSoft)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

04-05-2015 20:11:22 Scheduled Checkpoint
13-05-2015 17:43:42 Scheduled Checkpoint
18-05-2015 17:43:07 Installed Macromedia Dreamweaver 8

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {023417BE-10B3-4661-BD22-B8CF42195E3C} - System32\Tasks\{AB276CEB-C1A2-4370-99E9-903C8E7626F1} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {036BBF42-E7E6-4608-A51C-2BFD0973F31F} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-02-13] (Seagate Technology LLC)
Task: {04D3D92E-0BDE-45CB-9121-030F9E2A28F6} - System32\Tasks\{0E7401C2-FC9C-41EB-8F4D-27299929021B} => pcalua.exe -a C:\Users\eva\AppData\Local\BeamriseUninstall\Bootstrapper{1.4BR2gpTP.100}.exe -c uninstall –slot=1 –bagKey=yikAakHwZJ8U
Task: {11F247F4-96AE-42BC-AC9C-D0EA67929A1C} - \SuperEasyDriverUpdaterRunAtStartup No Task File <==== ATTENTION
Task: {18E683ED-5BC5-4276-AB05-6D1EB05A0B5F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1D189FBA-F98A-4916-B000-CCE4E9337DCA} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {23131080-1C79-41EA-8A08-0CDFFDB01746} - System32\Tasks\eva Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-02-13] (Seagate Technology LLC)
Task: {245749BD-F7E4-4E88-9E8F-F8AD903DCEDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.)
Task: {35656B35-E85E-4C6A-9B8D-5EC52D675717} - System32\Tasks\eva => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-02-13] (Seagate Technology LLC)
Task: {42DBDD1E-4E71-4A40-B3E9-EA0FE0E7E87C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5634D503-D8D5-4A9F-8C32-6B892A801A72} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {5AE3412E-FE4F-4321-9757-2564CB7BB64B} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {60F4703E-DEC6-415F-9332-D7F342331CE8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {66ECB3A6-E689-424E-8C2A-A59EAADE18C6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {706EF7A2-97FB-416C-A1DC-4FAB69D9C5CE} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-12-30] ()
Task: {8876534E-C15B-4F96-991D-8D05A6ADDF35} - System32\Tasks\eva DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-02-13] (Seagate Technology LLC)
Task: {8B2368B4-6ABD-4F21-909D-A0996E083497} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.)
Task: {8BCE6D0F-FFC3-4D84-87B2-DB3B19E62F7E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {8FFF57FB-7441-4151-9599-D9BB58C58C95} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {98594AE4-B71D-45C6-9755-4CA12EFD2519} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {9BDDAB86-5729-4122-AE5B-209977814EDD} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {A72EB1D4-0D6B-497D-B8C7-A8C125929275} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {BC3C2220-EDBD-4A5F-814B-F6D3753B57DE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {C41A826B-0CD1-4A6E-A06F-E8CE4A1D08E7} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {CA563CBE-3913-4085-B26B-F7E803503895} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {CDC0FE9F-6CB9-4A2E-B92A-23840B25F391} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {E419F02F-4791-4CFC-8C44-8E3B2236F936} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {F5B24804-A0D0-462A-9B9E-ABADD3ECA290} - \Optimize Start Menu Cache Files-S-1-5-21-964893997-1847190727-3478051664-1002 No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Loaded Modules (Whitelisted) ==============

2012-12-24 06:53 - 2012-12-24 06:53 - 00129024 ____N () C:\WINDOWS\System32\HPCP1020LM.DLL
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\eva\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\eva\Pictures\2013\Hawaii 0613\DSCN4234.JPG
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\eva\Pictures\2013\Hawaii 0613\DSCN4234.JPG
DNS Servers: 216.230.147.90 - 216.230.128.3

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk"
HKLM\...\StartupApproved\Run: => "ACMON"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "DBAgent"
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Uploader"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D8DAD5D1-1F06-4852-BB73-7B4278961884}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{3EACD543-70F3-4831-8C2A-A380D71DDC7E}] => (Allow) LPort=4482
FirewallRules: [{9D23796F-42F7-4D51-A623-9ADB51FD7F94}] => (Allow) LPort=4482
FirewallRules: [{B50E7D48-D4A5-430C-BAA2-EA6E3548AEEE}] => (Allow) LPort=4481
FirewallRules: [{4EFF1B9B-0D5A-4DA5-9858-15F30BDECB06}] => (Allow) LPort=4481
FirewallRules: [{D1D4F05A-9B5E-4254-A67A-9EDBA99DD92B}] => (Allow) C:\Program Files (x86)\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{B3275FE2-402E-4974-9F15-DF7FBD9392C8}] => (Allow) C:\Program Files (x86)\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{EF2F7E10-DC3E-44DD-AC06-962107218977}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{7FB06B69-0145-457B-8515-95E4D7928483}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{8379195E-12BE-415A-9270-E058B0D1855C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{B160BA9B-350A-4FC2-8466-A11CC0A637C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{4E9632B1-8A9F-47E6-A4B7-022DC04B15B2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{9762F22F-037D-4546-8872-0D88C5F935CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{D1D5CEDE-3A4C-45BA-AD94-52077F44A01D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{33A33B8C-30EF-4177-9261-35E4042FE61E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EE3DB352-4315-4A5C-A829-00F796B30733}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{4331D622-2D3A-4EC7-B751-7331269EEEE8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{57A47C89-72FC-46BD-BFDB-5A8564569EBB}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe
FirewallRules: [{4CD96E01-16D9-4C23-87A8-B670171E6A56}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe
FirewallRules: [{291BA644-B436-4523-AF44-22CB31EC0BAC}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe
FirewallRules: [{5762DD5A-3C03-4DB4-B103-661F078C9601}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe
FirewallRules: [{8065A733-1D14-4A1B-B773-C3DD2B511F97}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3BEFD9F0-1099-47BC-A19D-4199F29A289A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CDF323BF-A11E-4503-A2B8-ED5296601115}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6662D437-18BE-4DCA-96DF-5DAB086DD99A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E2B64105-2A35-44FC-9946-5DEC1FB95B60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{51EF41A7-BAB2-4ACE-80F3-7DDD43199D4E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7A1A014E-F774-4294-8F84-CD9F4E21ACA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CDA3D6A8-9DC3-459D-AB67-F629FA6B2862}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{68685F20-7A9E-455A-9E43-07C7E29E042D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F82D61C3-001D-4360-85AF-AF4AA8FE604B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D2DA6547-A1CB-4607-A8D7-B23ABF94D077}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{14DF9E15-01E9-4FEE-8070-5970F2696559}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{7FDE5B33-7032-495B-B7B5-CDC1706EC7D3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{699861EE-6C4D-40DE-997F-F6C10787E2E0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{953C0655-4803-4F56-BD0E-6C3C913A0C80}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{1A6AED7F-F488-410A-8F4D-FA4A6FDBAC8C}] => (Allow) E:\Installer\hpbcsiInstaller.exe
FirewallRules: [{B361681B-84A6-4C81-9CC7-34AB4833A203}] => (Allow) E:\Installer\hpbcsiInstaller.exe
FirewallRules: [TCP Query User{396CA64A-FEE5-4575-B62D-39F8D5FFBBFF}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{2077040E-1322-4757-AA02-686BCE692B81}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{14E60836-010F-4724-88AD-13634D3F1C52}] => (Allow) LPort=8888
FirewallRules: [{445249C1-BBAC-4BA9-ACFA-3ADF41817C57}] => (Allow) LPort=8888
FirewallRules: [{42CA0C55-D77A-4BFA-9A3F-865326466217}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet CM2320nf MFP
Description: HP Color LaserJet CM2320nf MFP
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2015 08:55:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: googledrivesync.exe, version: 1.21.9226.6034, time stamp: 0x509418e4
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb
Exception code: 0xc0000005
Fault offset: 0x00041eee
Faulting process id: 0x1a6c
Faulting application start time: 0xgoogledrivesync.exe0
Faulting application path: googledrivesync.exe1
Faulting module path: googledrivesync.exe2
Report Id: googledrivesync.exe3
Faulting package full name: googledrivesync.exe4
Faulting package-relative application ID: googledrivesync.exe5

Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6500

Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6500

Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 07:51:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.3.9600.17415, time stamp: 0x545045a2
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb
Exception code: 0xc0000005
Fault offset: 0x00027fb3
Faulting process id: 0x1284
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5

Error: (05/24/2015 05:39:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.3.9600.17415, time stamp: 0x545045a2
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb
Exception code: 0xc0000005
Fault offset: 0x00027fb3
Faulting process id: 0x104c
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5

Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3437

Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3437

Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 00:33:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2328


System errors:
=============
Error: (05/24/2015 05:33:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/24/2015 05:33:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) ME Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/24/2015 05:33:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/24/2015 05:33:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Centrino® Wireless Bluetooth® + High Speed Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (05/24/2015 05:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlackBerry Device Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/24/2015 05:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth OBEX Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/24/2015 05:33:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/24/2015 05:33:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Seagate MobileBackup Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/24/2015 05:33:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/24/2015 05:33:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================
Error: (09/07/2014 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3887 seconds with 3360 seconds of active time.  This session ended with a crash.

Error: (08/06/2014 06:52:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5469 seconds with 2760 seconds of active time.  This session ended with a crash.

Error: (07/02/2014 07:05:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1546 seconds with 1320 seconds of active time.  This session ended with a crash.

Error: (01/27/2014 05:12:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 679 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (08/25/2013 00:34:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 563 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (05/20/2013 04:14:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1123 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (04/19/2013 03:13:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/19/2013 03:12:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2672 seconds with 1200 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 45%
Total physical RAM: 6029.56 MB
Available physical RAM: 3267.35 MB
Total Pagefile: 7181.56 MB
Available Pagefile: 4135.56 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:78.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.45 GB) (Free:258.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4F359092)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 41B54F21)

Partition: GPT Partition Type.

==================== End of log ============================
und das hier ist auch wieder erschienen:

Code:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
ich hoffe, es passt so - bis zum nächsten mal!

M-K-D-B 25.05.2015 11:55
Servus,



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\MountPoints2: {9fb8d0ea-fb3a-11e4-bed1-c4850836bb94} - "E:\EMP_UDSe.exe" /autorun
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found
FF SelectedSearchEngine:
Task: {04D3D92E-0BDE-45CB-9121-030F9E2A28F6} - System32\Tasks\{0E7401C2-FC9C-41EB-8F4D-27299929021B} => pcalua.exe -a C:\Users\eva\AppData\Local\BeamriseUninstall\Bootstrapper{1.4BR2gpTP.100}.exe -c uninstall –slot=1 –bagKey=yikAakHwZJ8U
Task: {11F247F4-96AE-42BC-AC9C-D0EA67929A1C} - \SuperEasyDriverUpdaterRunAtStartup No Task File <==== ATTENTION
Task: {F5B24804-A0D0-462A-9B9E-ABADD3ECA290} - \Optimize Start Menu Cache Files-S-1-5-21-964893997-1847190727-3478051664-1002 No Task File <==== ATTENTION
FirewallRules: [{57A47C89-72FC-46BD-BFDB-5A8564569EBB}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe
FirewallRules: [{4CD96E01-16D9-4C23-87A8-B670171E6A56}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe
FirewallRules: [{291BA644-B436-4523-AF44-22CB31EC0BAC}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe
FirewallRules: [{5762DD5A-3C03-4DB4-B103-661F078C9601}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe
RemoveProxy:
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
Downloade dir bitte Shortcut Cleaner (by Grinler) auf deinen Desktop.
  • Starte die sc-cleaner.exe mit einem Doppelclick.
  • Bestätige die Meldung Shortcut Cleaner Finished am Ende des Suchlaufs mit Ok.
  • Eine Logdatei wird sich öffnen (sc-cleaner.txt).
  • Poste den Inhalt mit deiner nächsten Antwort.





Schritt 3
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Schritt 4
  • Starte FRST erneut. Kopiere den Inhalt der folgenden Code-Box oben in die Zeile:
    Code:
    Beamrise;Mobogenie;SuperEasy Software;Reimage;softonic;
  • Drücke auf Search Registry.
  • FRST beginnt mit dem Suchlauf und erstellt am Ende eine Textdatei Search.txt.
  • Poste mir deren Inhalt mit deiner nächsten Antwort.





Schritt 5
Downloade dir Microsoft's Fix-It auf den Desktop, führe das Tool aus, folge den Anweisungen und starte deinen Rechner im Abschluss neu auf.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von Shortcut-Cleaner,
  • die drei neuen Logdateien von FRST.

eva_mariee 25.05.2015 12:58
Guten Morgen (hier ist es 5:50)!

Hier die Logs, ich werde erst wieder in etwa 7 Stunden auf diesem Rechner sein, muss in die Arbeit.

Schritt 1:

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by eva at 2015-05-25 05:23:17 Run:2
Running from C:\Users\eva\Desktop
Loaded Profiles: eva (Available Profiles: eva)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\MountPoints2: {9fb8d0ea-fb3a-11e4-bed1-c4850836bb94} - "E:\EMP_UDSe.exe" /autorun
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found
FF SelectedSearchEngine:
Task: {04D3D92E-0BDE-45CB-9121-030F9E2A28F6} - System32\Tasks\{0E7401C2-FC9C-41EB-8F4D-27299929021B} => pcalua.exe -a C:\Users\eva\AppData\Local\BeamriseUninstall\Bootstrapper{1.4BR2gpTP.100}.exe -c uninstall –slot=1 –bagKey=yikAakHwZJ8U
Task: {11F247F4-96AE-42BC-AC9C-D0EA67929A1C} - \SuperEasyDriverUpdaterRunAtStartup No Task File <==== ATTENTION
Task: {F5B24804-A0D0-462A-9B9E-ABADD3ECA290} - \Optimize Start Menu Cache Files-S-1-5-21-964893997-1847190727-3478051664-1002 No Task File <==== ATTENTION
FirewallRules: [{57A47C89-72FC-46BD-BFDB-5A8564569EBB}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe
FirewallRules: [{4CD96E01-16D9-4C23-87A8-B670171E6A56}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe
FirewallRules: [{291BA644-B436-4523-AF44-22CB31EC0BAC}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe
FirewallRules: [{5762DD5A-3C03-4DB4-B103-661F078C9601}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe
RemoveProxy:
EmptyTemp:
end
       
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
"HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fb8d0ea-fb3a-11e4-bed1-c4850836bb94}" => key Removed successfully
HKCR\CLSID\{9fb8d0ea-fb3a-11e4-bed1-c4850836bb94} => key not found.
"C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL" => value data Removed successfully.
Firefox SelectedSearchEngine Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04D3D92E-0BDE-45CB-9121-030F9E2A28F6}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04D3D92E-0BDE-45CB-9121-030F9E2A28F6}" => key Removed successfully
C:\Windows\System32\Tasks\{0E7401C2-FC9C-41EB-8F4D-27299929021B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0E7401C2-FC9C-41EB-8F4D-27299929021B}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11F247F4-96AE-42BC-AC9C-D0EA67929A1C}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11F247F4-96AE-42BC-AC9C-D0EA67929A1C}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SuperEasyDriverUpdaterRunAtStartup" => key Removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5B24804-A0D0-462A-9B9E-ABADD3ECA290} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-964893997-1847190727-3478051664-1002" => key Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{57A47C89-72FC-46BD-BFDB-5A8564569EBB} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4CD96E01-16D9-4C23-87A8-B670171E6A56} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{291BA644-B436-4523-AF44-22CB31EC0BAC} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5762DD5A-3C03-4DB4-B103-661F078C9601} => value Removed successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => Removed 212.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 05:23:35 ====
Schritt 2:

Code:
Shortcut Cleaner 1.3.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 8.1
Program started at: 05/25/2015 05:28:58 AM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\eva\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\eva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\eva\Desktop\

Searching C:\Users\Public\Desktop\


0 bad shortcuts found.

Program finished at: 05/25/2015 05:29:39 AM
Execution time: 0 hours(s), 0 minute(s), and 40 seconds(s)
Schritt 3:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by eva (administrator) on ULLI-PC on 25-05-2015 05:30:31
Running from C:\Users\eva\Desktop
Loaded Profiles: eva (Available Profiles: eva)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
() C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2013-09-09] (Research In Motion Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-04-01] (Seagate Technology LLC)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UD.exe [536168 2013-05-31] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [B497FBE558A0E8CF98F7051B1D4699A80CF8D4D0._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-04-01] (Seagate Technology LLC)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-08] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175880 2015-04-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [154256 2015-04-08] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-10-08]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-12-30]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-03-24]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-11-04] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553571000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default
FF Homepage: hxxp://www.portal.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-12] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2014-12-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2013-11-06] ()
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-12-03] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: anonymoX - C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default\Extensions\client@anonymox.net.xpi [2013-06-25]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-30]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-24]
CHR Extension: (Google Drive) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-24]
CHR Extension: (YouTube) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-24]
CHR Extension: (GeoGebra) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2015-04-08]
CHR Extension: (Google Search) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-24]
CHR Extension: (Bookmark Manager) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-24]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-24]
CHR Extension: (Bitdefender QuickScan) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-12-11]
CHR Extension: (Gmail) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-24]
CHR HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-09-09] (Research In Motion Limited) []
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe [157696 2013-05-31] (SEIKO EPSON CORPORATION) []
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) []
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [120832 2011-08-04] (HP) []
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) []
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) []
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) []
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-04-01] (Seagate Technology LLC)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [111104 2015-01-15] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R3 eppvad_simple; C:\Windows\system32\drivers\EMP_UDAU.sys [23040 2013-05-31] (SEIKO EPSON CORPORATION)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 05:28 - 2015-05-25 05:29 - 00001814 _____ () C:\Users\eva\Desktop\sc-cleaner.txt
2015-05-25 05:28 - 2015-05-25 05:28 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\eva\Desktop\sc-cleaner.exe
2015-05-24 19:41 - 2015-05-25 05:30 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-964893997-1847190727-3478051664-1002
2015-05-24 19:27 - 2015-03-03 07:17 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-05-24 17:35 - 2015-05-24 17:35 - 00000812 _____ () C:\Users\eva\Desktop\JRT.txt
2015-05-24 17:33 - 2015-05-24 17:33 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-ULLI-PC-Windows-8.1-(64-bit).dat
2015-05-24 17:33 - 2015-05-24 17:33 - 00000000 ____D () C:\RegBackup
2015-05-24 17:32 - 2015-05-24 17:32 - 00001197 _____ () C:\Users\eva\Desktop\mbam.txt
2015-05-24 16:49 - 2015-05-24 16:52 - 00000000 ____D () C:\AdwCleaner
2015-05-24 16:46 - 2015-05-24 16:47 - 02945770 _____ (Thisisu) C:\Users\eva\Desktop\JRT.exe
2015-05-24 16:40 - 2015-05-24 16:41 - 02222592 _____ () C:\Users\eva\Desktop\AdwCleaner_4.205.exe
2015-05-24 14:43 - 2015-05-24 14:43 - 00009119 _____ () C:\Users\eva\Desktop\Gmer.txt
2015-05-24 14:36 - 2015-05-24 14:36 - 00380416 _____ () C:\Users\eva\Desktop\Gmer-19357.exe
2015-05-24 14:25 - 2015-05-25 05:31 - 00028310 _____ () C:\Users\eva\Desktop\FRST.txt
2015-05-24 14:25 - 2015-05-24 17:38 - 00040945 _____ () C:\Users\eva\Desktop\Addition.txt
2015-05-24 14:24 - 2015-05-25 05:30 - 00000000 ____D () C:\FRST
2015-05-24 14:23 - 2015-05-24 14:23 - 02108416 _____ (Farbar) C:\Users\eva\Desktop\FRST64.exe
2015-05-24 14:21 - 2015-05-24 14:21 - 00000468 _____ () C:\Users\eva\Desktop\defogger_disable.log
2015-05-24 14:21 - 2015-05-24 14:21 - 00000000 _____ () C:\Users\eva\defogger_reenable
2015-05-24 14:19 - 2015-05-24 14:19 - 00050477 _____ () C:\Users\eva\Desktop\Defogger.exe
2015-05-24 13:14 - 2015-05-24 13:15 - 00003342 ____N () C:\Users\eva\Desktop\ShortcutVirusRemover.bat
2015-05-24 13:01 - 2015-05-24 13:25 - 00000094 ____N () C:\Users\eva\Desktop\removevirus.bat
2015-05-24 09:08 - 2015-05-24 09:08 - 00000320 _____ () C:\WINDOWS\SysWOW64\win_hcleaner.ini
2015-05-24 09:07 - 2015-05-24 09:07 - 00706893 ____N () C:\Users\eva\Desktop\HFV.exe
2015-05-23 23:09 - 2015-05-23 23:09 - 00003700 ____N () C:\WINDOWS\System32\Tasks\eva Merge
2015-05-23 23:09 - 2015-05-23 23:09 - 00003684 ____N () C:\WINDOWS\System32\Tasks\eva
2015-05-23 23:06 - 2015-05-23 23:06 - 00000000 ____D () C:\WINDOWS\LastGood
2015-05-22 07:03 - 2015-05-22 07:03 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2015-05-22 07:01 - 2015-05-22 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Projector
2015-05-22 07:01 - 2015-05-22 07:01 - 00000000 ____D () C:\Program Files (x86)\EPSON Projector
2015-05-22 07:01 - 2013-05-31 16:33 - 00023040 ____N (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\Drivers\EMP_UDAU.sys
2015-05-22 06:55 - 2015-05-22 06:55 - 00000000 ____N () C:\WINDOWS\system32\Drivers\Msft_Kernel_ax88772_01011.Wdf
2015-05-18 17:43 - 2015-05-18 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2015-05-18 17:43 - 2015-05-18 17:43 - 00000000 ____D () C:\ProgramData\Macromedia
2015-05-18 17:43 - 2015-05-18 17:43 - 00000000 ____D () C:\Program Files (x86)\Macromedia
2015-05-18 17:41 - 2015-05-18 17:41 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2015-05-18 17:39 - 2015-05-18 17:56 - 00000000 ____D () C:\Users\eva\Desktop\Macromedia 8
2015-05-16 19:05 - 2015-05-16 19:05 - 00000000 ____D () C:\Users\eva\Documents\ASUS
2015-05-16 19:05 - 2015-05-16 19:05 - 00000000 ____D () C:\ProgramData\ASUS
2015-05-09 13:08 - 2015-05-09 13:08 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-05-09 13:08 - 2015-05-09 13:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 05:26 - 2015-04-08 18:41 - 00000000 ___RD () C:\Users\eva\Google Drive
2015-05-25 05:25 - 2014-01-14 05:26 - 00000000 ___DO () C:\Users\eva\SkyDrive
2015-05-25 05:25 - 2013-05-28 20:06 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 05:24 - 2013-08-22 08:46 - 00389782 _____ () C:\WINDOWS\setupact.log
2015-05-25 05:24 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-25 05:23 - 2014-01-14 01:43 - 01822751 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-25 05:23 - 2013-08-22 07:25 - 01048576 _____ () C:\WINDOWS\system32\config\BBI
2015-05-25 05:12 - 2013-05-28 20:06 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-25 05:02 - 2012-12-30 13:46 - 00000350 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-05-25 05:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-24 20:28 - 2013-11-14 01:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-24 19:37 - 2015-01-16 14:49 - 00003480 _____ () C:\WINDOWS\System32\Tasks\eva DBAgent 2 0
2015-05-24 19:37 - 2015-01-16 14:48 - 00003492 _____ () C:\WINDOWS\System32\Tasks\Seagate_Install_Launch
2015-05-24 19:36 - 2015-03-03 20:52 - 00002733 _____ () C:\Users\Public\Desktop\Seagate Dashboard.lnk
2015-05-24 19:36 - 2015-03-03 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2015-05-24 19:28 - 2013-08-22 07:25 - 00262144 _____ () C:\WINDOWS\system32\config\ELAM
2015-05-24 16:59 - 2014-08-26 06:54 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-24 16:57 - 2014-08-26 06:54 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-24 16:57 - 2014-08-26 06:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-24 16:57 - 2014-08-26 06:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-24 16:52 - 2014-01-14 01:48 - 00000000 ____D () C:\Users\eva
2015-05-24 15:13 - 2013-02-27 17:18 - 00000000 ____D () C:\Users\eva\AppData\Local\Paint.NET
2015-05-24 15:11 - 2015-02-10 19:43 - 00000000 ____D () C:\Users\eva\Desktop\div_sticks
2015-05-23 23:05 - 2015-04-19 08:47 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-05-23 23:05 - 2015-04-19 08:47 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-05-23 23:05 - 2013-11-14 01:20 - 00236396 _____ () C:\WINDOWS\PFRO.log
2015-05-23 23:05 - 2013-08-22 08:44 - 00492528 ____N () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-23 19:47 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-23 17:10 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-22 06:54 - 2015-04-19 08:45 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-05-21 20:34 - 2012-08-04 19:42 - 03497316 _____ () C:\WINDOWS\AsDebug.log
2015-05-21 20:34 - 2012-08-04 19:42 - 00573596 _____ () C:\WINDOWS\AsCDProc.log
2015-05-21 19:47 - 2013-01-07 21:43 - 00123256 ____N () C:\Users\eva\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-20 18:40 - 2013-05-15 06:40 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-19 15:49 - 2014-04-01 07:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-19 15:47 - 2013-03-31 10:07 - 00152744 ____N (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-19 15:47 - 2013-03-31 10:07 - 00132120 ____N (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-05-18 17:50 - 2012-12-15 20:00 - 00000000 ____D () C:\Users\eva\AppData\Roaming\Macromedia
2015-05-17 20:07 - 2013-05-28 20:06 - 00003894 ____N () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 20:07 - 2013-05-28 20:06 - 00003658 ____N () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 17:32 - 2013-01-09 20:43 - 00000000 ____D () C:\Users\Public\Documents\Personalvertretung
2015-05-16 19:05 - 2012-12-15 19:19 - 00000000 ____D () C:\Users\eva\AppData\Local\ASUS
2015-05-09 13:09 - 2015-04-08 18:39 - 00002060 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00002058 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00002048 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-03 19:39 - 2012-12-30 11:25 - 00000000 ____D () C:\Users\eva\AppData\Roaming\HpUpdate

==================== Files in the root of some directories =======

2013-01-02 20:14 - 2013-01-02 20:14 - 0000021 ____N () C:\Users\eva\AppData\Roaming\my_intel.sys
2013-09-06 20:07 - 2014-06-02 11:21 - 0001001 ____N () C:\Users\eva\AppData\Roaming\Rim.Desktop.Exception.log
2013-09-06 20:06 - 2013-09-06 20:06 - 0001092 ____N () C:\Users\eva\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-09-06 20:07 - 2014-06-02 11:21 - 0001001 ____N () C:\Users\eva\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-12-15 19:22 - 2015-04-05 15:20 - 0000401 ____N () C:\Users\eva\AppData\Roaming\sp_data.sys
2014-10-04 23:41 - 2014-10-04 23:41 - 0004634 ____N () C:\Users\eva\AppData\Local\recently-used.xbel
2012-12-30 13:37 - 2014-09-23 20:10 - 0005807 _____ () C:\ProgramData\hpzinstall.log
2012-08-04 19:42 - 2012-07-30 00:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 19:42 - 2009-07-22 04:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some files in TEMP:
====================
C:\Users\eva\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-23 23:56

==================== End of log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by eva at 2015-05-25 05:32:39
Running from C:\Users\eva\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-964893997-1847190727-3478051664-500 - Administrator - Disabled)
eva (S-1-5-21-964893997-1847190727-3478051664-1002 - Administrator - Enabled) => C:\Users\eva
Guest (S-1-5-21-964893997-1847190727-3478051664-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{334147DC-B3C8-4626-A985-4AEA8A36DAB6}) (Version: 8.0.0.41 - Research In Motion Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CoffeeCup Free HTML Editor (HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CoffeeCup Free HTML Editor) (Version:  - )
D110 (x32 Version: 140.0.353.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.62.000 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.30.0 - International GeoGebra Institute)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP LaserJet Professional CP1020 Series (HKLM-x32\...\{F2918DE9-8F79-44c8-85D8-CAD1245B95D3}) (Version:  - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{A5E2418D-B360-419D-AAAD-0D8F2E98FBF6}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPLaserJetHelp_LearnCenter (HKLM-x32\...\{66012C7F-D4FD-4C8D-8FBA-D0A680B1C149}) (Version: 1.02.0000 - Hewlett-Packard)
HPLJUT (x32 Version: 1.00.0012 - HP) Hidden
hppCP1020LaserJetService (x32 Version: 001.008.00477 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version:  - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.365.000 - Hewlett-Packard) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.2102.0 - Seagate)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
SUPER © Version 2010.bld.37 (Jan 2, 2010) (HKLM-x32\...\SUPER ©) (Version: Version 2010.bld.37 (Jan 2, 2010) - eRightSoft)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

04-05-2015 20:11:22 Scheduled Checkpoint
13-05-2015 17:43:42 Scheduled Checkpoint
18-05-2015 17:43:07 Installed Macromedia Dreamweaver 8

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {023417BE-10B3-4661-BD22-B8CF42195E3C} - System32\Tasks\{AB276CEB-C1A2-4370-99E9-903C8E7626F1} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {18E683ED-5BC5-4276-AB05-6D1EB05A0B5F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1D189FBA-F98A-4916-B000-CCE4E9337DCA} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {23131080-1C79-41EA-8A08-0CDFFDB01746} - System32\Tasks\eva Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC)
Task: {245749BD-F7E4-4E88-9E8F-F8AD903DCEDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.)
Task: {35656B35-E85E-4C6A-9B8D-5EC52D675717} - System32\Tasks\eva => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC)
Task: {42DBDD1E-4E71-4A40-B3E9-EA0FE0E7E87C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5634D503-D8D5-4A9F-8C32-6B892A801A72} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {5AE3412E-FE4F-4321-9757-2564CB7BB64B} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {60F4703E-DEC6-415F-9332-D7F342331CE8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {66ECB3A6-E689-424E-8C2A-A59EAADE18C6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {68DB1BFC-BA28-46E4-9A47-047A6A2DB973} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-04-01] (Seagate Technology LLC)
Task: {706EF7A2-97FB-416C-A1DC-4FAB69D9C5CE} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-12-30] ()
Task: {8B2368B4-6ABD-4F21-909D-A0996E083497} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.)
Task: {8BCE6D0F-FFC3-4D84-87B2-DB3B19E62F7E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {8FFF57FB-7441-4151-9599-D9BB58C58C95} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {97298B33-8DF3-487A-B6C5-AEEF56116F4E} - System32\Tasks\eva DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-04-01] (Seagate Technology LLC)
Task: {98594AE4-B71D-45C6-9755-4CA12EFD2519} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {9BDDAB86-5729-4122-AE5B-209977814EDD} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {A72EB1D4-0D6B-497D-B8C7-A8C125929275} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {BC3C2220-EDBD-4A5F-814B-F6D3753B57DE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {C41A826B-0CD1-4A6E-A06F-E8CE4A1D08E7} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {CA563CBE-3913-4085-B26B-F7E803503895} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {CDC0FE9F-6CB9-4A2E-B92A-23840B25F391} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {E419F02F-4791-4CFC-8C44-8E3B2236F936} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Loaded Modules (Whitelisted) ==============

2014-01-14 01:43 - 2015-04-08 15:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-12-24 06:53 - 2012-12-24 06:53 - 00129024 ____N () C:\WINDOWS\System32\HPCP1020LM.DLL
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-08-30 01:33 - 2012-08-15 11:52 - 00094208 ____N () C:\Windows\System32\IccLibDll_x64.dll
2014-02-28 11:32 - 2014-02-28 11:32 - 00174368 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-25 05:25 - 2015-05-25 05:25 - 00098816 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32api.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00110080 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\pywintypes27.dll
2015-05-25 05:25 - 2015-05-25 05:25 - 00364544 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\pythoncom27.dll
2015-05-25 05:25 - 2015-05-25 05:25 - 00045568 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\_socket.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 01161216 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\_ssl.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00320512 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32com.shell.shell.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00713216 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\_hashlib.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 01175040 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\wx._core_.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00805888 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\wx._gdi_.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00811008 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\wx._windows_.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 01062400 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\wx._controls_.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00735232 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\wx._misc_.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00682496 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\pysqlite2._sqlite.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00128512 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\_elementtree.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00127488 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\pyexpat.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00087552 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\_ctypes.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00119808 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32file.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00108544 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32security.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00007168 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\hashobjs_ext.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00017408 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\usb_ext.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00167936 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32gui.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00018432 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32event.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00013824 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\common.time34.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00036864 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\_psutil_windows.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00038912 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32inet.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00011264 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32crypt.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00070656 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\wx._html2.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00027136 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\_multiprocessing.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00020480 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\_yappi.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00035840 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32process.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00686080 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\unicodedata.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00122368 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\wx._wizard.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00024064 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32pipe.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00010240 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\select.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00025600 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32pdh.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00525640 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\windows._lib_cacheinvalidation.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00017408 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32profile.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00022528 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32ts.pyd
2015-05-25 05:25 - 2015-05-25 05:25 - 00078336 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\wx._animate.pyd
2015-05-22 12:14 - 2015-05-13 10:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\PepperFlash\pepflashplayer.dll
2012-10-08 04:34 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\eva\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\eva\Pictures\2013\Hawaii 0613\DSCN4234.JPG
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk"
HKLM\...\StartupApproved\Run: => "ACMON"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "DBAgent"
HKLM\...\StartupApproved\Run32: => "EPSON_UD_START"
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\StartupApproved\Run: => "Uploader"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D8DAD5D1-1F06-4852-BB73-7B4278961884}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{3EACD543-70F3-4831-8C2A-A380D71DDC7E}] => (Allow) LPort=4482
FirewallRules: [{9D23796F-42F7-4D51-A623-9ADB51FD7F94}] => (Allow) LPort=4482
FirewallRules: [{B50E7D48-D4A5-430C-BAA2-EA6E3548AEEE}] => (Allow) LPort=4481
FirewallRules: [{4EFF1B9B-0D5A-4DA5-9858-15F30BDECB06}] => (Allow) LPort=4481
FirewallRules: [{D1D4F05A-9B5E-4254-A67A-9EDBA99DD92B}] => (Allow) C:\Program Files (x86)\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{B3275FE2-402E-4974-9F15-DF7FBD9392C8}] => (Allow) C:\Program Files (x86)\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{EF2F7E10-DC3E-44DD-AC06-962107218977}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{7FB06B69-0145-457B-8515-95E4D7928483}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{8379195E-12BE-415A-9270-E058B0D1855C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{B160BA9B-350A-4FC2-8466-A11CC0A637C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{4E9632B1-8A9F-47E6-A4B7-022DC04B15B2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{9762F22F-037D-4546-8872-0D88C5F935CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{D1D5CEDE-3A4C-45BA-AD94-52077F44A01D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{33A33B8C-30EF-4177-9261-35E4042FE61E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EE3DB352-4315-4A5C-A829-00F796B30733}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{4331D622-2D3A-4EC7-B751-7331269EEEE8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{8065A733-1D14-4A1B-B773-C3DD2B511F97}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3BEFD9F0-1099-47BC-A19D-4199F29A289A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CDF323BF-A11E-4503-A2B8-ED5296601115}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6662D437-18BE-4DCA-96DF-5DAB086DD99A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E2B64105-2A35-44FC-9946-5DEC1FB95B60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{51EF41A7-BAB2-4ACE-80F3-7DDD43199D4E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7A1A014E-F774-4294-8F84-CD9F4E21ACA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CDA3D6A8-9DC3-459D-AB67-F629FA6B2862}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{68685F20-7A9E-455A-9E43-07C7E29E042D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F82D61C3-001D-4360-85AF-AF4AA8FE604B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D2DA6547-A1CB-4607-A8D7-B23ABF94D077}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{14DF9E15-01E9-4FEE-8070-5970F2696559}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{7FDE5B33-7032-495B-B7B5-CDC1706EC7D3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{699861EE-6C4D-40DE-997F-F6C10787E2E0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{953C0655-4803-4F56-BD0E-6C3C913A0C80}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{1A6AED7F-F488-410A-8F4D-FA4A6FDBAC8C}] => (Allow) E:\Installer\hpbcsiInstaller.exe
FirewallRules: [{B361681B-84A6-4C81-9CC7-34AB4833A203}] => (Allow) E:\Installer\hpbcsiInstaller.exe
FirewallRules: [TCP Query User{396CA64A-FEE5-4575-B62D-39F8D5FFBBFF}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{2077040E-1322-4757-AA02-686BCE692B81}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{14E60836-010F-4724-88AD-13634D3F1C52}] => (Allow) LPort=8888
FirewallRules: [{445249C1-BBAC-4BA9-ACFA-3ADF41817C57}] => (Allow) LPort=8888
FirewallRules: [{42CA0C55-D77A-4BFA-9A3F-865326466217}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet CM2320nf MFP
Description: HP Color LaserJet CM2320nf MFP
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 05:15:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6641

Error: (05/25/2015 05:15:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6641

Error: (05/25/2015 05:15:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 10:59:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9031

Error: (05/24/2015 10:59:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9031

Error: (05/24/2015 10:59:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 10:58:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4465922

Error: (05/24/2015 10:58:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4465922

Error: (05/24/2015 10:58:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 07:59:10 PM) (Source: MsiInstaller) (EventID: 10005) (User: ULLI-PC)
Description: Product: Microsoft Fix it 50641 -- This Microsoft Fix it does not apply to your operating system or application version.


System errors:
=============
Error: (05/25/2015 05:23:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (05/25/2015 05:23:50 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/25/2015 05:23:44 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (05/25/2015 05:23:44 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (05/25/2015 05:23:42 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (05/25/2015 05:23:21 AM) (Source: DCOM) (EventID: 10010) (User: ULLI-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (05/25/2015 05:23:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/25/2015 05:23:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Seagate Dashboard Services service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/25/2015 05:23:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/25/2015 05:23:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (09/07/2014 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3887 seconds with 3360 seconds of active time.  This session ended with a crash.

Error: (08/06/2014 06:52:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5469 seconds with 2760 seconds of active time.  This session ended with a crash.

Error: (07/02/2014 07:05:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1546 seconds with 1320 seconds of active time.  This session ended with a crash.

Error: (01/27/2014 05:12:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 679 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (08/25/2013 00:34:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 563 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (05/20/2013 04:14:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1123 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (04/19/2013 03:13:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/19/2013 03:12:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2672 seconds with 1200 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 50%
Total physical RAM: 6029.56 MB
Available physical RAM: 2992.81 MB
Total Pagefile: 7181.56 MB
Available Pagefile: 3785.29 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:77.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.45 GB) (Free:258.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4F359092)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 41B54F21)

Partition: GPT Partition Type.

==================== End of log ============================
Schritt 4:

Code:
Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by eva at 2015-05-25 05:41:22
Running from C:\Users\eva\Desktop
Boot Mode: Normal

================== Search Registry: "Beamrise;Mobogenie;SuperEasy Software;Reimage;softonic" ===========


===================== Search result for "Beamrise" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MediaPlayer\ShimInclusionList\beamrise.exe]

[HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Beamrise]

[HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\eva\AppData\Local\Beamrise\Application\beamrise.exe"="0x534143500100000000000000070000002800000040F317000DB7180001000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000004E000000000000000100000001000000"

[HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Beamrise.EJ5R55JB6ZWQ6375H4I2DZ4V2M]

[HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Beamrise.EJ5R55JB6ZWQ6375H4I2DZ4V2M]
"Image"="C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\VisualElements\splash-620x300.png"

[HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Beamrise.EJ5R55JB6ZWQ6375H4I2DZ4V2M]

[HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Beamrise.EJ5R55JB6ZWQ6375H4I2DZ4V2M]
"Image"="C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\VisualElements\splash-620x300.png"

===================== Search result for "Mobogenie" ==========

[HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\DOMStorage\mobogenie.com]

[HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Mobogenie\uninst.exe"="0x53414350010000000000000007000000280000000B020200A184350103000000000000000000010600010000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000104E0000000000000100000001000000"

[HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie]

[HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Mobogenie]


===================== Search result for "SuperEasy Software" ==========

[HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\SuperEasy Software\Driver Updater\unins000.exe"="0x5341435001000000000000000700000028000000502513004B0B140003000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000004D220000000000000100000001000000"


===================== Search result for "Reimage" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\CLSID\{8fd0f62a-6e71-4bb9-859b-eefbd704609b}]
"ActivatableClassId"="D3DCaptureTrackerComponent.D3DCaptureImageSource"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Power]
"ResumeRestoreImageStartTimestamp"="0"

[HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\eva\Desktop\ReimageRepair.exe"="0x534143500100000000000000070000002800000020D70B00E2270C0001000000000000000000010600010000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000CABC0300000000000100000001000000"

[HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\bde9f11d]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Misc_RefreshYourPC/LowKeywords}"="erase erases;format formats;reimage;re-image;reinstate;system;wipe wipes"

[HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\fac70555]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Misc_RefreshYourPC/LowKeywords}"="erase erases;format formats;reimage;re-image;reinstate;system;wipe wipes"

[HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002_Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\bde9f11d]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Misc_RefreshYourPC/LowKeywords}"="erase erases;format formats;reimage;re-image;reinstate;system;wipe wipes"

[HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002_Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\fac70555]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Misc_RefreshYourPC/LowKeywords}"="erase erases;format formats;reimage;re-image;reinstate;system;wipe wipes"

====== End of Search ======
Schritt 5:

Microsoft fix it hat nicht funktioniert - folgende Fehlermeldung:

This Microsoft Fix it does not apply to your operating system or application version.

Verwende Windows 8.1 in der 64 bit Version.

LG, eva mariee

M-K-D-B 25.05.2015 19:59
Servus,



wir entfernen erst mal das Restliche, dann kümmern wir uns um die Shell-Meldung.



Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MediaPlayer\ShimInclusionList\beamrise.exe
DeleteKey: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Beamrise
DeleteKey: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Beamrise.EJ5R55JB6ZWQ6375H4I2DZ4V2M
DeleteKey: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Beamrise.EJ5R55JB6ZWQ6375H4I2DZ4V2M
DeleteKey: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\DOMStorage\mobogenie.com
DeleteKey: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie
RemoveProxy:
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 3
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

eva_mariee 26.05.2015 02:47
Hallo Matthias,

jetzt scheitere ich - Schritt 1 konnte ich ausführen (den log häng ich dann dran).

Bei Schritt 2 komme ich bis zum Starten des Scans. Beim ersten Versuch hat er sich nach ca. 1,5 Stunden bei 11% aufgehängt und nichts mehr gemacht. Bis dorthin hat er eine Bedrohung
gefunden: Win32/Trojaner.Downloader.Wauchos. AK Trojaner
Beim 2. Start ist er jetzt nach 1:59:40 bei 14% und macht nichts mehr seit ca. 1 Stunde - keine Bewegung in geprüften Dateien, keine Veränderung in Objekte. Was soll ich tun?

Hier nun das Lof-File von Schritt 1:

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by eva at 2015-05-25 14:08:19 Run:3
Running from C:\Users\eva\Desktop
Loaded Profiles: eva (Available Profiles: eva)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MediaPlayer\ShimInclusionList\beamrise.exe
DeleteKey: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Beamrise
DeleteKey: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Beamrise.EJ5R55JB6ZWQ6375H4I2DZ4V2M
DeleteKey: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Beamrise.EJ5R55JB6ZWQ6375H4I2DZ4V2M
DeleteKey: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\DOMStorage\mobogenie.com
DeleteKey: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie
RemoveProxy:
EmptyTemp:
end
*****************

Processes closed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MediaPlayer\ShimInclusionList\beamrise.exe => key Removed successfully
HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Beamrise => key Removed successfully
HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Beamrise.EJ5R55JB6ZWQ6375H4I2DZ4V2M => key Removed successfully
HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Beamrise.EJ5R55JB6ZWQ6375H4I2DZ4V2M => key not found.
HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\DOMStorage\mobogenie.com => key Removed successfully
HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie => could not remove key at first attempt (Error: C0000121), see next line.
HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie => key Removed successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => Removed 64.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:08:32 ====
LG eva mariee

M-K-D-B 26.05.2015 09:11
Servus,


lass mal bitte HitmanPro statt ESET laufen:

Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 

eva_mariee 26.05.2015 12:23
Guten Morgen,

ich habe also ESET nach fast 11 Stunden bei 23% abgebrochen und poste dann den Log.
Hitman Pro läuft nicht auf meinem Computer - sagt, dass es mit meiner 64 bit Version nicht funktioniert.

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=23154001d45edd43af4063f35e02e293
# engine=24017
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-25 11:41:03
# local_time=2015-05-25 05:41:03 (-0600, Central America Standard Time)
# country="United States"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 9589655 0 0
# scanned=72963
# found=1
# cleaned=0
# scan_time=11399
sh=52D863B5D39D7D8B80879088C30ACBF510F41EF4 ft=1 fh=1eefec9b0b13dda3 vn="Win32/TrojanDownloader.Wauchos.AK Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\msqcmfnsm.exe.xBAD"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=23154001d45edd43af4063f35e02e293
# engine=24020
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-26 11:14:36
# local_time=2015-05-26 05:14:36 (-0600, Central America Standard Time)
# country="United States"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 9631268 0 0
# scanned=149597
# found=2
# cleaned=0
# scan_time=41403
sh=52D863B5D39D7D8B80879088C30ACBF510F41EF4 ft=1 fh=1eefec9b0b13dda3 vn="Win32/TrojanDownloader.Wauchos.AK Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\msqcmfnsm.exe.xBAD"
sh=566095531FD328C3054D52C571431D0305103E40 ft=1 fh=0e5c76553bbccf7f vn="Variante von Win32/Systweak.R evtl. unerwünschte Anwendung" ac=I fn="C:\Users\eva\Downloads\supereasy_driver_updater_1.1.1_7870.exe"

M-K-D-B 26.05.2015 18:08
Servus,


dann versuchen wir mal EEK anstatt ESET und Hitman:

Lade Dir bitte von hier Emsisoft Emergency Kit Download Emsisoft Emergency Kit herunter.
  • Bitte installiere das Programm in den vorgegebenen Pfad.
  • Starte das Programm durch Doppelklick der Desktopverknüpfung.
  • Das EEK ist nach dem Laden der Malwaresignaturen für den Scan bereit.
  • Folge nun bitte der bebilderten Bildanleitung zu Emergency Kit, entferne alle Funde und poste am Ende des Scans bzw. der Bereinigung das Log.


eva_mariee 27.05.2015 01:45
so, hier die neuen Logs.

Schritt 2 mit emisisoft:

Code:
Emsisoft Emergency Kit - Version 9.0
Last update: 26-May-15 1:33:50 PM
User account: ULLI-PC\eva

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, H:\, J:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:        26-May-15 1:34:46 PM
Value: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR        detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        detected: Setting.DisableRegistryTools (A)
C:\ProgramData\Avira\Antivirus\INFECTED\533f6dcd.qua -> (Quarantine-8)        detected: Adware.BrowseFox.BS (B)
C:\ProgramData\Avira\Antivirus\INFECTED\566ceddf.qua -> (Quarantine-8)        detected: Generic.JS.BlackHole.9431862E (B)
C:\ProgramData\Avira\Antivirus\INFECTED\5988e9b1.qua -> (Quarantine-8)        detected: Generic.JS.BlackHole.079EE8AA (B)
C:\Users\eva\Downloads\Photoshop\Portable_Adobe_Photoshop_CS3_en_Español_768.exe -> (NSIS o) -> lzma_solid_nsis0000        detected: Gen:Application.Bundler.DefaultTab.1 (B)
H:\Seagate Dashboard 2.0\ULLI-PC\eva\Backup\3b3b1f41-dce7-407e-ba17-186b6dbedbc7\20150523_230922_eva\C\Users\eva\Downloads\Photoshop\Portable_Adobe_Photoshop_CS3_en_Español_768.exe -> (NSIS o) -> lzma_solid_nsis0000        detected: Gen:Application.Bundler.DefaultTab.1 (B)

Scanned        493700
Found        7

Scan end:        26-May-15 5:38:44 PM
Scan time:        4:03:58

H:\Seagate Dashboard 2.0\ULLI-PC\eva\Backup\3b3b1f41-dce7-407e-ba17-186b6dbedbc7\20150523_230922_eva\C\Users\eva\Downloads\Photoshop\Portable_Adobe_Photoshop_CS3_en_Español_768.exe        Deleted Gen:Application.Bundler.DefaultTab.1 (B)
C:\Users\eva\Downloads\Photoshop\Portable_Adobe_Photoshop_CS3_en_Español_768.exe        Deleted Gen:Application.Bundler.DefaultTab.1 (B)
C:\ProgramData\Avira\Antivirus\INFECTED\5988e9b1.qua        Deleted Generic.JS.BlackHole.079EE8AA (B)
C:\ProgramData\Avira\Antivirus\INFECTED\566ceddf.qua        Deleted Generic.JS.BlackHole.9431862E (B)
C:\ProgramData\Avira\Antivirus\INFECTED\533f6dcd.qua        Deleted Adware.BrowseFox.BS (B)
Value: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        Deleted Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR        Deleted Setting.DisableTaskMgr (A)

Deleted        7
Shritt 3 mit Security Check:

Code:
Results of screen317's Security Check version 1.001 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Avira Antivirus   
Windows Defender 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 55 
 Java version 32-bit out of Date!
  Adobe Flash Player        16.0.0.235 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox 31.0 Firefox out of Date! 
 Google Chrome (43.0.2357.65)
 Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
Im Explorer scheinen immer noch Verknüpfungen auf, die ich so nicht in Erinnerung habe - siehe neues Foto, das ich hochgeladen habe. Ist das ok so?

https://plus.google.com/photos/115128392581057048821/albums/6152550836645109201

LG eva mariee

M-K-D-B 27.05.2015 12:02
Servus,


versuch mal folgendes bitte:
  • Lade Dir bitte Windows Repair - All in one http://www.deeprybka.trojaner-board....air/3.1/31.PNGvon tweaking.com hier herunter und installiere es.
  • Deaktiviere bitte (wenn möglich) Dein Antivirusprogramm.
  • Bedenke, dass die einzelnen Reparaturen einige Zeit benötigen. Starte keine anderen Anwendungen in dieser Zeit.
  • Starte das Programm und führe die Punkte 1-7 durch. (Siehe Bildanleitung)

eva_mariee 28.05.2015 12:00
Hallo,

hier der Log vom Windows repair:

Code:
Tweaking.com - Windows Repair v3.2.0
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 8.1
OS Architecture: 64-bit
OS Version: 6.3.9600
OS Service Pack:
Computer Name: ULLI-PC
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\eva
Current Profile SID: S-1-5-21-964893997-1847190727-3478051664-1002
Current Profile Classes: S-1-5-21-964893997-1847190727-3478051664-1002_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\eva\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 01 Day 16:17:38

Process Count: 120
Commit Total: 3.45 GB
Commit Limit: 7.01 GB
Commit Peak: 5.52 GB
Handle Count: 37593
Kernel Total: 1.49 GB
Kernel Paged: 324.23 MB
Kernel Non Paged: 1.17 GB
System Cache: 3.00 GB
Thread Count: 1103
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.89 GB
Memory Used: 3.02 GB(51.3206%)
Memory Avail.: 2.87 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.89 GB
Memory Used: 2.61 GB(44.3697%)
Memory Avail.: 3.28 GB
--------------------------------------------------------------------------------

Starting Repairs...
  Started at (27-May-15 6:26:41 AM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 123
 
01 - Reset Registry Permissions
  Restore Windows 8 Default Registry Permissions
  Start (27-May-15 6:26:46 AM)


Decompressing & Updating Windows Permission File hkud.txt
Done,  0.52 seconds.


Decompressing & Updating Windows Permission File hkcu.txt
Done,  0.52 seconds.


Decompressing & Updating Windows Permission File hkcr.txt
Done,  1.95 seconds.


Decompressing & Updating Windows Permission File hklm.txt
Done,  5.04 seconds.

  Running Repair Under System Account
  Running Repair Under Current User Account
  Done (27-May-15 8:33:32 AM)

03 - Reset Service Permissions
  Start (27-May-15 8:33:32 AM)

  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 8:34:32 AM)

04 - Register System Files
  Start (27-May-15 8:34:32 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 8:40:43 AM)

05 - Repair WMI
  Start (27-May-15 8:40:43 AM)

  Starting Security Center So We Can Export The Security Info.

  Exporting Antivirus Info...
  Avira Antivirus Exported.
  Windows Defender Exported.

  Exporting AntiSpyware Info...
  Avira Antivirus Exported.
  Windows Defender Exported.

  Exporting 3rd Party Firewall Info...
  No Firewall Products Reported.

  Running Repair Under Current User Account
  Done (27-May-15 8:46:41 AM)

06 - Repair Windows Firewall
  Start (27-May-15 8:46:41 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 8:49:56 AM)

07 - Repair Internet Explorer
  Start (27-May-15 8:49:57 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 8:53:04 AM)

08 - Repair MDAC/MS Jet
  Start (27-May-15 8:53:04 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 8:53:49 AM)

09 - Repair Hosts File
  Start (27-May-15 8:53:49 AM)
  Running Repair Under System Account
  Done (27-May-15 8:53:51 AM)

10 - Remove Policies Set By Infections
  Start (27-May-15 8:53:51 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 8:54:03 AM)

12 - Repair Icons
  Start (27-May-15 8:54:03 AM)
  Running Repair Under Current User Account
  Done (27-May-15 8:54:08 AM)

13 - Repair Winsock & DNS Cache
  Start (27-May-15 8:54:09 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 8:55:06 AM)

15 - Repair Proxy Settings
  Start (27-May-15 8:55:06 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 8:55:09 AM)

17 - Repair Windows Updates
  Start (27-May-15 8:55:10 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
  Done (27-May-15 8:59:34 AM)

18 - Repair CD/DVD Missing/Not Working
  Start (27-May-15 8:59:34 AM)
  iTunes not found, not applying UpperFilters iTunes Reg Key
  Done (27-May-15 8:59:34 AM)

19 - Repair Volume Shadow Copy Service
  Start (27-May-15 8:59:34 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 9:02:45 AM)

21 - Repair MSI (Windows Installer)
  Start (27-May-15 9:02:45 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 9:05:30 AM)

23.01 - Repair bat Association
  Start (27-May-15 9:05:30 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 9:05:33 AM)

23.02 - Repair cmd Association
  Start (27-May-15 9:05:33 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 9:05:36 AM)

23.03 - Repair com Association
  Start (27-May-15 9:05:36 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 9:05:39 AM)

23.04 - Repair Directory Association
  Start (27-May-15 9:05:39 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 9:05:42 AM)

23.05 - Repair Drive Association
  Start (27-May-15 9:05:42 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 9:05:44 AM)

23.06 - Repair exe Association
  Start (27-May-15 9:05:44 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 9:05:47 AM)

23.07 - Repair Folder Association
  Start (27-May-15 9:05:47 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 9:05:50 AM)

23.08 - Repair inf Association
  Start (27-May-15 9:05:50 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 9:05:53 AM)

23.09 - Repair lnk (Shortcuts) Association
  Start (27-May-15 9:05:53 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 9:05:56 AM)

23.10 - Repair msc Association
  Start (27-May-15 9:05:56 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 9:05:59 AM)

23.11 - Repair reg Association
  Start (27-May-15 9:05:59 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 9:06:02 AM)

23.12 - Repair scr Association
  Start (27-May-15 9:06:02 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 9:06:04 AM)

24 - Repair Windows Safe Mode
  Start (27-May-15 9:06:05 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 9:06:09 AM)

25 - Repair Print Spooler
  Start (27-May-15 9:06:09 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 9:09:00 AM)

26 - Restore Important Windows Services
  Start (27-May-15 9:09:00 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 9:11:56 AM)

27 - Set Windows Services To Default Startup
  Start (27-May-15 9:11:56 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 9:12:14 AM)

28.01 - Repair Windows 8 App Store
  Start (27-May-15 9:12:14 AM)

Decompressing & Updating Windows Permission File hkcu.txt
Done,  0.38 seconds.

  Running Repair Under Current User Account
  Done (27-May-15 9:21:20 AM)

29 - Repair Windows 8 Component Store
  Start (27-May-15 9:21:20 AM)
  Running Repair Under Current User Account
  Done (27-May-15 10:38:48 AM)

30 - Restore Windows 8 COM+ Unmarshalers
  Start (27-May-15 10:38:48 AM)
  Running Repair Under System Account
Processing ACL of: <classes_root\Unmarshalers>

SetACL finished with error(s):
SetACL error message: The call to SetNamedSecurityInfo () failed
Operating system error message: Access is denied.

  Done (27-May-15 10:38:55 AM)

31 - Repair Windows 'New' Submenu
  Start (27-May-15 10:38:55 AM)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27-May-15 10:38:59 AM)

33 - Repair Performance Counters
  Start (27-May-15 10:38:59 AM)
  Running Repair Under Current User Account
  Done (27-May-15 10:39:02 AM)

Cleaning up empty logs...

All Selected Repairs Done.
  Done at (27-May-15 10:39:02 AM)
  Total Repair Time: 04:12:23


...YOU MUST RESTART YOUR SYSTEM...
Es gibt allerdings noch jede Menge anderer txt-dokumente im selben Ordner. Brauchst du die auch alle?

Beim Starten ist wieder diese "Shell"-Datei aufgegangen und der Explorer schaut auch noch gleich aus.

Wie siehst du den momentanen Status?

LG, eva mariee

Guten Morgen,

es gibt ein neues Detaille: Das Action Center zeigt mir über das Fähnchen in der Taskleiste an, dass es zwei wichtige Meldungen bezüglich des Virenschutzes gibt. Wenn ich das Action Center öffne, schaut es wie auf dem geteilten Foto aus. Allerdings - Avira Antivir IST aktiviert und auch die Firewall ist eingeschalten, wenn ich es über die Programme kontrolliere zeigt es mir das an. Klickt man im sich öffnenden kleinen Fenster auf "Turn On" tut sich nichts.
Was ist das nun wieder? Irgendwie bin ich am Verzweifeln. Kannst du mir bitte mal sagen, wie du die momentane Lage siehst? Können wir denn Laptop retten ohne ihn neu aufzusetzen?

hier nun das Foto:

https://plus.google.com/photos/115128392581057048821/albums/6152550836645109201

LG, eva marie

Guten Morgen,

soeben hab ich einen Beitrag geschrieben und er ist nicht da :crazy:

Also noch einmal: Es gibt was neues komisches, das mir aufgefallen ist: das Action Center zeigt mir über das Fähnchen in der Taskleiste an, dass es zwei wichtige Meldungen in bezug auf den Virenschutz gibt. Öffne ich das Action Center, kommt das kleine Fenster, was du auf dem hoch geladenen Foto siehst. Klickt man auf "turn on". tut sich rein garnichts. ABER: Firewall und Avira sind sicher eingeschaltet! Wenn ich das einzeln über die Programme kontrolliere, sehe ich, dass eigentlich alles ok sein sollte. Irgendwie bin ich am Verzweifeln. Wie schätzt du denn die Lage ein? Ist mein Laptop zu retten, ohne ihn neu aufsetzten zu müssen?

Hoer nun der Link zum Foto:

https://plus.google.com/photos/115128392581057048821/albums/6152550836645109201

LG, eva marie


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:02 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19