Trojaner-Board - Avira und AntiMalware hatten schon wieder funde

Code:

SystemLook 30.07.11 by jpshortstuff

Log created at 02:33 on 11/12/2014 by Basti

Administrator - Elevation successful
 

========== folderfind ==========
 

Searching for "*Avira*"

C:\Dokumente und Einstellungen\All Users\Avira        d------        [16:36 11/07/2013]

C:\Dokumente und Einstellungen\All Users\Avira\My Avira        d------        [11:10 26/11/2014]

C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0345f91d        d----c-        [01:14 30/08/2014]

C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_03c61b4d        d----c-        [15:08 11/09/2014]

C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_03fcae67        d----c-        [17:32 14/11/2014]

C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0dd254d3        d----c-        [02:50 29/08/2014]

C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0dffbeeb        d----c-        [21:39 13/08/2014]

C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0e399d67        d----c-        [02:30 20/11/2014]

C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0fa27d88        d----c-        [05:23 20/08/2014]

C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_1072ff64        d----c-        [14:38 31/10/2014]

C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_10b2c1c8        d----c-        [10:48 20/08/2014]

C:\Dokumente und Einstellungen\Basti\AppData\Roaming\Avira        d------        [16:43 11/07/2013]

C:\Dokumente und Einstellungen\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com        d------        [11:28 24/11/2014]

C:\Program Files (x86)\Avira        d------        [16:36 11/07/2013]

C:\Program Files (x86)\Avira\My Avira        d------        [11:29 24/11/2014]

C:\ProgramData\Avira        d------        [16:36 11/07/2013]

C:\ProgramData\Avira\My Avira        d------        [11:10 26/11/2014]

C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0345f91d        d----c-        [01:14 30/08/2014]

C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_03c61b4d        d----c-        [15:08 11/09/2014]

C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_03fcae67        d----c-        [17:32 14/11/2014]

C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0dd254d3        d----c-        [02:50 29/08/2014]

C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0dffbeeb        d----c-        [21:39 13/08/2014]

C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0e399d67        d----c-        [02:30 20/11/2014]

C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0fa27d88        d----c-        [05:23 20/08/2014]

C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_1072ff64        d----c-        [14:38 31/10/2014]

C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_10b2c1c8        d----c-        [10:48 20/08/2014]

C:\Users\All Users\Avira        d------        [16:36 11/07/2013]

C:\Users\All Users\Avira\My Avira        d------        [11:10 26/11/2014]

C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0345f91d        d----c-        [01:14 30/08/2014]

C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_03c61b4d        d----c-        [15:08 11/09/2014]

C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_03fcae67        d----c-        [17:32 14/11/2014]

C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0dd254d3        d----c-        [02:50 29/08/2014]

C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0dffbeeb        d----c-        [21:39 13/08/2014]

C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0e399d67        d----c-        [02:30 20/11/2014]

C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0fa27d88        d----c-        [05:23 20/08/2014]

C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_1072ff64        d----c-        [14:38 31/10/2014]

C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_10b2c1c8        d----c-        [10:48 20/08/2014]

C:\Users\Basti\AppData\Roaming\Avira        d------        [16:43 11/07/2013]

C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com        d------        [11:28 24/11/2014]
 

========== filefind ==========
 

Searching for "*Avira*"

C:\Dokumente und Einstellungen\All Users\Package Cache\010FB1665D87DC9B3C320B700E39119F5B9FCC9F\Avira.OE.Setup.Prerequisites.exe        --a---- 87288 bytes        [14:17 22/10/2014]        [14:17 22/10/2014] 934B1AE554529D5EE6965C0115A8174C

C:\Dokumente und Einstellungen\All Users\Package Cache\{D2763B4E-5BF4-468B-BB00-9B3B121E0FB2}v1.1.25.25607\Avira.OE.Setup.Msi.msi        --a---- 4026368 bytes        [14:18 22/10/2014]        [14:18 22/10/2014] EEAA9F26D999BB0E5480AC6344B1BDDF

C:\Dokumente und Einstellungen\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com\img\abs_avira_umbrella_white.svg        ------- 1757 bytes        [11:28 24/11/2014]        [15:39 12/11/2014] D1A2DF87A809DEA421F2FA1F0B11BB73

C:\Dokumente und Einstellungen\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com\img\avira_icon128.png        ------- 4442 bytes        [11:28 24/11/2014]        [15:39 12/11/2014] A1A1F1921BECC79B74508A64654AD6C5

C:\Dokumente und Einstellungen\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com\img\avira_icon16.png        ------- 601 bytes        [11:28 24/11/2014]        [15:39 12/11/2014] 865D261767EB0251D5C9F2B2F997A365

C:\Dokumente und Einstellungen\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com\img\avira_icon24.png        ------- 857 bytes        [11:28 24/11/2014]        [15:39 12/11/2014] 3BB83ADF4CCD38A7762B341C08802686

C:\Dokumente und Einstellungen\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com\img\avira_icon32.png        ------- 1922 bytes        [11:28 24/11/2014]        [15:39 12/11/2014] 0493D466B17ECF18FBA2976478B62E5A

C:\Dokumente und Einstellungen\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com\img\avira_icon48.png        ------- 1659 bytes        [11:28 24/11/2014]        [15:39 12/11/2014] 2911CA095E91B581E5BEA58233A65363

C:\Dokumente und Einstellungen\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com\img\avira_logo.png        ------- 1423 bytes        [11:28 24/11/2014]        [15:39 12/11/2014] ADAF25D72D2468FC83CA9FFE5D55819C

C:\Dokumente und Einstellungen\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com\img\avira_logo.svg        ------- 1014 bytes        [11:28 24/11/2014]        [15:39 12/11/2014] C9238133E73B7C42EA5C05BB502B2B4C

C:\Dokumente und Einstellungen\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com\img\avira_logo32.png        ------- 1280 bytes        [11:28 24/11/2014]        [15:39 12/11/2014] 69EE6C2D132E5A64C22CE1AE0ED77DDB

C:\Dokumente und Einstellungen\Public\Desktop\Avira Control Center.lnk        --a---- 2072 bytes        [16:37 11/07/2013]        [16:37 11/07/2013] 3B11D448BA4B30418C1FDE21E50BBA6F

C:\Program Files (x86)\Avira\AntiVir Desktop\avira-sparberater-win.msi        --a---- 610304 bytes        [12:56 18/02/2014]        [12:55 18/02/2014] 8350BA2E8E0BE877B0425EF32A701EE4

C:\Program Files (x86)\Avira\AntiVir Desktop\avira_de____fm.exe        --a---- 4586672 bytes        [08:30 07/08/2014]        [15:56 18/11/2014] 90B0B5534700963525AEFE9D21F9C2C0

C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe        --a---- 1291696 bytes        [16:37 11/07/2013]        [12:48 20/06/2013] AE88282D08916C00A324F6A269924EA9

C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnector.dll        --a---- 44280 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] 2B72D9C228B1F46381A311398ED6B634

C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnector.Interface.dll        --a---- 20272 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] 0ABCBEA484774C3D212CD60D1ED431BB

C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll        --a---- 67888 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] 9D3543CFA4EF25FDB09475F78F950B01

C:\Program Files (x86)\Avira\My Avira\Avira.OE.BrowserExtensionConnector.dll        --a---- 31992 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] 1FCB513C740D805AC9AE57929A7901F9

C:\Program Files (x86)\Avira\My Avira\Avira.OE.Communicator.dll        --a---- 82736 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] 0393CC37E8E2FB093AA36A3AD1E2B941

C:\Program Files (x86)\Avira\My Avira\Avira.OE.Communicator.Interface.dll        --a---- 19192 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] 8FDAA7C11D07CF1F01B8260906C74CF7

C:\Program Files (x86)\Avira\My Avira\Avira.OE.DropboxConnector.dll        --a---- 18168 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] FB4DE2BDC7AD3AC087C8ED59F9CE9161

C:\Program Files (x86)\Avira\My Avira\Avira.OE.DropboxConnector.Interface.dll        --a---- 12024 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] 51C1D0EB39746A3FBF5D4586FB18EABB

C:\Program Files (x86)\Avira\My Avira\Avira.OE.ExtApi.dll        --a---- 52528 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] 80B1F46704D6E08EE1E6ECC18AEDEC49

C:\Program Files (x86)\Avira\My Avira\Avira.OE.Messenger.exe        --a---- 78640 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] B454B1B9F4863EC7DEC39BD6A167BCDF

C:\Program Files (x86)\Avira\My Avira\Avira.OE.MiniGui.dll        --a---- 1006384 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] 9ABBF0562DB66018831AA4DC13EF9F86

C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll        --a---- 141048 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] 1ADB591D4201DE67FBCFBD26E32F84EF

C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe        --a---- 164656 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] F21955927D1C99206A8B91DE2CCE85E1

C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe.config        --a---- 2486 bytes        [14:12 22/10/2014]        [14:12 22/10/2014] 2351677B32B08D89382D237B48EB1805

C:\Program Files (x86)\Avira\My Avira\Avira.OE.SpeedupConnector.dll        --a---- 34096 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] 91F3A84DBAB1237552F56A7C4EEAAF7F

C:\Program Files (x86)\Avira\My Avira\Avira.OE.SpeedupConnector.Interface.dll        --a---- 14128 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] 82AD861813B4F8CDACC3708D734D5D67

C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe        --a---- 124208 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] 5909C378DF9132FC91F50AF70A53455A

C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe.config        --a---- 687 bytes        [14:12 22/10/2014]        [14:12 22/10/2014] 75FA463D0C066DCED31667757E20DC55

C:\Program Files (x86)\Avira\My Avira\Avira.OE.WinCore.dll        --a---- 199472 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] 89024A62892D315D0DAAE8BD08FFB904

C:\Program Files (x86)\Avira\My Avira\Avira.OE.WinCore.Interface.dll        --a---- 83704 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] 4FE86471E39375FE0A700F74282C6070

C:\Program Files (x86)\Avira\My Avira\de-DE\Avira.OE.MiniGui.resources.dll        --a---- 14072 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] 3914F3FF8940375B59DA1580F3D36154

C:\Program Files (x86)\Avira\My Avira\de-DE\Avira.OE.ServiceHost.resources.dll        --a---- 11512 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] A3A90DC939DA27020E938F5547E20387

C:\Program Files (x86)\Avira\My Avira\de-DE\Avira.OE.Systray.resources.dll        --a---- 11512 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] 3EB75FF101DDC33D5BB6D7E1CD7B3265

C:\Program Files (x86)\Avira\My Avira\en-US\Avira.OE.MiniGui.resources.dll        --a---- 10032 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] 5EFB1A242D744075DD52A830C6A03A5B

C:\Program Files (x86)\Avira\My Avira\en-US\Avira.OE.ServiceHost.resources.dll        --a---- 11000 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] AB5A407CD26ED7E3115B7872D810D142

C:\Program Files (x86)\Avira\My Avira\en-US\Avira.OE.Systray.resources.dll        --a---- 10032 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] C897680360670D299770C9A13889063A

C:\Program Files (x86)\Avira\My Avira\es-ES\Avira.OE.MiniGui.resources.dll        --a---- 14072 bytes        [14:17 22/10/2014]        [14:17 22/10/2014] BA16D358B4E5820B051C71C15D7301A1

C:\Program Files (x86)\Avira\My Avira\es-ES\Avira.OE.ServiceHost.resources.dll        --a---- 10544 bytes        [14:17 22/10/2014]        [14:17 22/10/2014] F7CD628F251E803A6CAD370D0DCC5D3D

C:\Program Files (x86)\Avira\My Avira\es-ES\Avira.OE.Systray.resources.dll        --a---- 11512 bytes        [14:16 22/10/2014]        [14:16 22/10/2014] 11678D3F14F49B570D2B92985BEC2244

C:\Program Files (x86)\Avira\My Avira\fr-FR\Avira.OE.MiniGui.resources.dll        --a---- 14584 bytes        [14:17 22/10/2014]        [14:17 22/10/2014] 9795F3E290E94E5CC1BF9AB60E1113BF

C:\Program Files (x86)\Avira\My Avira\fr-FR\Avira.OE.ServiceHost.resources.dll        --a---- 11512 bytes        [14:17 22/10/2014]        [14:17 22/10/2014] C6148AC6E491E11B77E5756EF6C97E18

C:\Program Files (x86)\Avira\My Avira\fr-FR\Avira.OE.Systray.resources.dll        --a---- 10544 bytes        [14:17 22/10/2014]        [14:17 22/10/2014] 233A6EB06B61ABF8E93258F3DAEC7D06

C:\Program Files (x86)\Avira\My Avira\it-IT\Avira.OE.MiniGui.resources.dll        --a---- 14072 bytes        [14:17 22/10/2014]        [14:17 22/10/2014] 3696643536AC52EB5F45F8541C92D4CF

C:\Program Files (x86)\Avira\My Avira\it-IT\Avira.OE.ServiceHost.resources.dll        --a---- 11512 bytes        [14:17 22/10/2014]        [14:17 22/10/2014] 01B4C17BB0C7E6ACA74E653B1D7E5F8F

C:\Program Files (x86)\Avira\My Avira\it-IT\Avira.OE.Systray.resources.dll        --a---- 11512 bytes        [14:17 22/10/2014]        [14:17 22/10/2014] C35A05B1B2236D62B07E109044D45AE1

C:\Program Files (x86)\Avira\My Avira\pt-BR\Avira.OE.MiniGui.resources.dll        --a---- 13104 bytes        [14:17 22/10/2014]        [14:17 22/10/2014] 49092E6B9205ED3ADFF6E90EE5980BEE

C:\Program Files (x86)\Avira\My Avira\pt-BR\Avira.OE.ServiceHost.resources.dll        --a---- 11000 bytes        [14:17 22/10/2014]        [14:17 22/10/2014] 1FBC756A21836294F3BFED8ED8C771DD

C:\Program Files (x86)\Avira\My Avira\pt-BR\Avira.OE.Systray.resources.dll        --a---- 10544 bytes        [14:17 22/10/2014]        [14:17 22/10/2014] 522FA4840335C3401E456A11F823AB0E

C:\Program Files (x86)\Avira\My Avira\ru-RU\Avira.OE.MiniGui.resources.dll        --a---- 15096 bytes        [14:17 22/10/2014]        [14:17 22/10/2014] 49A68EA5C965DD7F8F962CA934D5590C

C:\Program Files (x86)\Avira\My Avira\ru-RU\Avira.OE.ServiceHost.resources.dll        --a---- 10544 bytes        [14:17 22/10/2014]        [14:17 22/10/2014] 1B1612FA90845E874BAD2FB17ECEB372

C:\Program Files (x86)\Avira\My Avira\ru-RU\Avira.OE.Systray.resources.dll        --a---- 10544 bytes        [14:17 22/10/2014]        [14:17 22/10/2014] 2BDA3BAE7DCAAD21D8C5B71CF827554A

C:\ProgramData\Package Cache\010FB1665D87DC9B3C320B700E39119F5B9FCC9F\Avira.OE.Setup.Prerequisites.exe        --a---- 87288 bytes        [14:17 22/10/2014]        [14:17 22/10/2014] 934B1AE554529D5EE6965C0115A8174C

C:\ProgramData\Package Cache\{D2763B4E-5BF4-468B-BB00-9B3B121E0FB2}v1.1.25.25607\Avira.OE.Setup.Msi.msi        --a---- 4026368 bytes        [14:18 22/10/2014]        [14:18 22/10/2014] EEAA9F26D999BB0E5480AC6344B1BDDF

C:\Users\All Users\Package Cache\010FB1665D87DC9B3C320B700E39119F5B9FCC9F\Avira.OE.Setup.Prerequisites.exe        --a---- 87288 bytes        [14:17 22/10/2014]        [14:17 22/10/2014] 934B1AE554529D5EE6965C0115A8174C

C:\Users\All Users\Package Cache\{D2763B4E-5BF4-468B-BB00-9B3B121E0FB2}v1.1.25.25607\Avira.OE.Setup.Msi.msi        --a---- 4026368 bytes        [14:18 22/10/2014]        [14:18 22/10/2014] EEAA9F26D999BB0E5480AC6344B1BDDF

C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com\img\abs_avira_umbrella_white.svg        ------- 1757 bytes        [11:28 24/11/2014]        [15:39 12/11/2014] D1A2DF87A809DEA421F2FA1F0B11BB73

C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com\img\avira_icon128.png        ------- 4442 bytes        [11:28 24/11/2014]        [15:39 12/11/2014] A1A1F1921BECC79B74508A64654AD6C5

C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com\img\avira_icon16.png        ------- 601 bytes        [11:28 24/11/2014]        [15:39 12/11/2014] 865D261767EB0251D5C9F2B2F997A365

C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com\img\avira_icon24.png        ------- 857 bytes        [11:28 24/11/2014]        [15:39 12/11/2014] 3BB83ADF4CCD38A7762B341C08802686

C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com\img\avira_icon32.png        ------- 1922 bytes        [11:28 24/11/2014]        [15:39 12/11/2014] 0493D466B17ECF18FBA2976478B62E5A

C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com\img\avira_icon48.png        ------- 1659 bytes        [11:28 24/11/2014]        [15:39 12/11/2014] 2911CA095E91B581E5BEA58233A65363

C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com\img\avira_logo.png        ------- 1423 bytes        [11:28 24/11/2014]        [15:39 12/11/2014] ADAF25D72D2468FC83CA9FFE5D55819C

C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com\img\avira_logo.svg        ------- 1014 bytes        [11:28 24/11/2014]        [15:39 12/11/2014] C9238133E73B7C42EA5C05BB502B2B4C

C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com\img\avira_logo32.png        ------- 1280 bytes        [11:28 24/11/2014]        [15:39 12/11/2014] 69EE6C2D132E5A64C22CE1AE0ED77DDB

C:\Users\Public\Desktop\Avira Control Center.lnk        --a---- 2072 bytes        [16:37 11/07/2013]        [16:37 11/07/2013] 3B11D448BA4B30418C1FDE21E50BBA6F
 

========== regfind ==========
 

Searching for "Avira"

[HKEY_CURRENT_USER\Software\Avira]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wwwavira.de]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\wwwavira.de]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}]

@="Avira Free Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}]

"System.ApplicationName"="Avira.Avira Free Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}]

"System.Software.TasksFileUrl"="C:\Program Files (x86)\Avira\AntiVir Desktop\avconfig.xml"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}\DefaultIcon]

@="C:\Program Files (x86)\Avira\AntiVir Desktop\rcimage.dll,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}\Shell\Open\Command]

@="C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{9480d4af-12b9-4e56-8034-4031ef6ab39d}]

"DisplayName"="Avira"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{D2763B4E-5BF4-468B-BB00-9B3B121E0FB2}]

"DisplayName"="Avira"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\E4B3672D4FB5B864BB00B9B321E1F02B]

"Avira.OE.ServiceHost"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E4B3672D4FB5B864BB00B9B321E1F02B]

"ProductName"="Avira"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E4B3672D4FB5B864BB00B9B321E1F02B\SourceList]

"PackageName"="Avira.OE.Setup.Msi.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{305CA226-D286-468e-B848-2B2E8E697B74}]

@="Avira Free Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\ProgramData\Avira\My Avira\Logfiles\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\ProgramData\Avira\My Avira\apps\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Avira\My Avira\pages\notification\images\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Avira\My Avira\pages\notification\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Avira\My Avira\pages\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Avira\My Avira\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Avira\My Avira\pages\images\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Avira\My Avira\pages\de-DE\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Avira\My Avira\pages\en-US\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Avira\My Avira\pages\es-ES\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Avira\My Avira\pages\fr-FR\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Avira\My Avira\pages\it-IT\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Avira\My Avira\pages\pt-BR\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Avira\My Avira\pages\ru-RU\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Avira\My Avira\pages\fonts\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Avira\My Avira\de-DE\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Avira\My Avira\en-US\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Avira\My Avira\es-ES\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Avira\My Avira\fr-FR\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Avira\My Avira\it-IT\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Avira\My Avira\pt-BR\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Avira\My Avira\ru-RU\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\011EC954228276045A9546819D4473FB]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\en-US\Avira.OE.ServiceHost.resources.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\01B110FBC19A58C4FACD93DE359E98D2]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\fr-FR\Avira.OE.ServiceHost.resources.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0232D8E4C3A0D334B92F0A77742A1A45]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.Communicator.Interface.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0560DC5E155720C419BC767341F47AED]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\de-DE\Avira.OE.ServiceHost.resources.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D1C741B9EE0C8A4BAC9807C0BB72730]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\pages\es-ES\connection_error.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D8C1C3427A5FE94198A1F6D723C623E]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\pages\en-US\connection_error.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15BCF7AF67472E549B23AF3DF65AEF70]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\pages\de-DE\connection_error.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2456FC8F3B118A5469C11AD5D31DC247]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\ProgramData\Avira\My Avira\apps\manifest.avdata"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C8E55062A1775D43A67E0DB3A5DDEFB]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\pages\fr-FR\connection_error.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\315921E805EFECE40818E7034835AC90]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\ProgramData\Avira\My Avira\Logfiles\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DFB070D6459B8848A2142C85D9EAD3C]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\es-ES\Avira.OE.ServiceHost.resources.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3F09910679ECC644D8BCACDD7F2252C0]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\418C008C3A6A7FE40B38C7AD30B1584B]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.Messenger.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\439D9C87C8ACC424E8AEC83BD997786B]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.WinCore.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F716209FAC2E954193F6266F170B78E]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.ExtApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\595972CE95BF16642A61304D7E1570A3]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\pages\notification\images\logo.png"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B93CDDB76EAA33428E365F2CD83D16C]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.SpeedupConnector.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61753FA321196964394EF63F5A188153]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\pt-BR\Avira.OE.ServiceHost.resources.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\63FFCFE5B9383FD498240851329D9573]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\pages\ru-RU\connection_error.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B600934862FADA4A912D4A179A975A0]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.BrowserExtensionConnector.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6E24970DF22BA8E4183E468437AF2D37]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\pages\it-IT\connection_error.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\722DCFD1CF48E1642B26935EC6CB4201]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.DropboxConnector.Interface.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C5BD5DAD6127D4429BA051FC3839CB5]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.SpeedupConnector.Interface.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D6159F56B8573542B7AA47494078485]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90B7601D50842AA46B9D88E56F4E6A03]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.Communicator.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9365A38A25E332F419F0479129E28446]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9557CE0D88EFBED4CBAF01D036564665]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\pages\images\av-image.png"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A686A1C3EC42D1348A5B5196A7B74A70]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnector.Interface.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B150D5DD8676CBF4FB7C1EDBAEEA64D6]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.DropboxConnector.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5E31DA6394912F41A371DC8F2E7D4AB]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.MiniGui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BE90F3D5EDA2E5941A4B8C569796097A]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\ProgramData\Avira\My Avira\hbedv.key"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BFF1468F92485634D87375D193016A9D]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\it-IT\Avira.OE.ServiceHost.resources.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C1CD712C81B9C11438CC285C19F7C089]

"E4B3672D4FB5B864BB00B9B321E1F02B"="01:\Software\Avira\My Avira\installed"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB12E13E8450DCD40B23A06E51A0DCF0]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnector.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D86AAD2EBA58D7D468D29A4BE1E5F37D]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\ru-RU\Avira.OE.ServiceHost.resources.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E67413ED403B25E47ADF77425753CD31]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\pages\fonts\KievitWebPro-Bold.eot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED7CDE9383A72C343BFFBE919E14BCB3]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\pages\pt-BR\connection_error.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE325BD27C254D946B58464B869AF9A8]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\pages\notification\notification.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFAC57F71E3666A479DC9107E07EC742]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.WinCore.Interface.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F46757B40A0063A46A90A3A88CC95568]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\ProgramData\Avira\My Avira\apps\icons\_placeholder.png"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1EBF61D3B8A7E4E87CFFA688F2CE7E]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\pages\connection_error.css"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FBA05DD96094B31498377601A5184B4A]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FBA29ED12A57D1141860D5506C3766B4]

"E4B3672D4FB5B864BB00B9B321E1F02B"="C:\Program Files (x86)\Avira\My Avira\BundledProducts.xml"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E4B3672D4FB5B864BB00B9B321E1F02B\Features]

"Avira.OE.ServiceHost"="QChG=pQKd8NlFp*9YmNf-!vqr9FRL@zC]m5h0`WpRjF~k(iqB?='R&U,HVygj?%IfkNRZ@,}h8urf(_2KRjox$x4a9b4WL,GCwynoKOy6S2Ic=YeL8wGvS(5p?Jvqzgyu@6`N(cgYC3nhpEm&$dM&9aiuK8jA(s^j,eCN8r_{=8NFqJtyOmKo(.],I,sw8hDTf$j=q7@y^mnNdV8B934-eb!1RacbK5fF_Ev8=jd[v=(JlGD8x({PtZTv?mwO%Ljjmf.GQx8ADks[9zT-NN^&&5Cy@r?id_AHA_Vm6o&N[$c*yD3lcqv}?JAYHF+y,_3QuyB7}NPX9Z'mjIuekN%^H[~q7qL!AQtLxrzMa)(eaH{E)vCY?W9^eHC^aq^E{l(_&(zLAVJF3+@EZ7HS7.DJl{jLAFf~9U._Ysd@m}CV9)tG=6.coH^V,fsf*mfZI`'{8G)0?(^dWx]dTge9Sqz'@KITN+gcUC&)4J0pYDA^AO%G%fvdA-K8E7_,d9YU=]m0br+w$4(]_j$fgH^[9o?463w'=bh]F2f`![_-=S@OWvmqQRErr&k9)qni?&e%*nsaT!rkcFSy7L2O=4q}-mCXJX%_`+}aL?Vz?@6H{hui2,$0MkzF2Etq@d7nieOY@cfF}=!l4Eb8A6jf=?-w37MKtV]621-k92D1D+ZyR67eo{TF.$V'A0_Hv)an-l5P~JHg5Gkw8lCkPh.QmrXw)uH*eoy6A=E+IJ`rrUsCU'Kp&Kd2Aj6@f.nOWH)`uW0l=mg&ARIz4'Vk.jCspbc2aaxf?!u-}bes&WTh)Qut{3k]=dQx.mMV?`6})EtF?2A~9%x,@pt-lu&r[=aU?qzCA)ZmY3$5

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E4B3672D4FB5B864BB00B9B321E1F02B\InstallProperties]

"Publisher"="Avira Operations GmbH & Co. KG"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E4B3672D4FB5B864BB00B9B321E1F02B\InstallProperties]

"DisplayName"="Avira"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]

"C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe"="VISTARTM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avira]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avira\AntiVir Desktop]

"Path"="C:\Program Files (x86)\Avira\AntiVir Desktop\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avira\AntiVir Desktop]

"AppDataDirectory"="C:\ProgramData\Avira\AntiVir Desktop\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avira\My Avira]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Avira_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Avira_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Avira Systray"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avira AntiVir Desktop]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\X-AVCSD\Workstation\AntiVir Desktop]

"Name"="Avira Free Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\X-AVCSD\Workstation\AntiVir Desktop]

"MasterKey"="Software\Avira\AntiVir Desktop"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirSchedulerService]

"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirSchedulerService]

"DisplayName"="Avira Planer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirSchedulerService]

"Description"="Dienst zur Steuerung von Avira Free Antivirus Prüfaufträgen und Updates."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirService]

"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirService]

"DisplayName"="Avira Echtzeit-Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirService]

"Description"="Bietet permanenten Schutz vor Viren und Malware mit der Avira Suchengine."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirWebService]

"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirWebService]

"DisplayName"="Avira Browser-Schutz"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirWebService]

"Description"="Bietet Webbrowsern permanenten Schutz vor Viren und Malware mit der Avira Suchengine."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgntflt]

"Description"="Avira mini-filter driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avipbb]

"Description"="Avira Security Enhancement Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avipbb]

"Group"="Avira"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avira.OE.ServiceHost]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avira.OE.ServiceHost]

"ImagePath"=""C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avira.OE.ServiceHost]

"DisplayName"="Avira Service Host"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avira.OE.ServiceHost]

"Description"="Service Host for Avira"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avkmgr]

"Description"="Avira Manager Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avkmgr]

"Group"="Avira"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Avira Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Avira Antivirus]

"CategoryMessageFile"="C:\Program Files (x86)\Avira\AntiVir Desktop\avevtrc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Avira Antivirus]

"EventMessageFile"="C:\Program Files (x86)\Avira\AntiVir Desktop\avevtrc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Avira Service Host]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirSchedulerService]

"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirSchedulerService]

"DisplayName"="Avira Planer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirSchedulerService]

"Description"="Dienst zur Steuerung von Avira Free Antivirus Prüfaufträgen und Updates."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirService]

"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirService]

"DisplayName"="Avira Echtzeit-Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirService]

"Description"="Bietet permanenten Schutz vor Viren und Malware mit der Avira Suchengine."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirWebService]

"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirWebService]

"DisplayName"="Avira Browser-Schutz"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirWebService]

"Description"="Bietet Webbrowsern permanenten Schutz vor Viren und Malware mit der Avira Suchengine."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avgntflt]

"Description"="Avira mini-filter driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avipbb]

"Description"="Avira Security Enhancement Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avipbb]

"Group"="Avira"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avira.OE.ServiceHost]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avira.OE.ServiceHost]

"ImagePath"=""C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avira.OE.ServiceHost]

"DisplayName"="Avira Service Host"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avira.OE.ServiceHost]

"Description"="Service Host for Avira"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avkmgr]

"Description"="Avira Manager Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avkmgr]

"Group"="Avira"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Avira Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Avira Antivirus]

"CategoryMessageFile"="C:\Program Files (x86)\Avira\AntiVir Desktop\avevtrc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Avira Antivirus]

"EventMessageFile"="C:\Program Files (x86)\Avira\AntiVir Desktop\avevtrc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Avira Service Host]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirSchedulerService]

"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirSchedulerService]

"DisplayName"="Avira Planer"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirSchedulerService]

"Description"="Dienst zur Steuerung von Avira Free Antivirus Prüfaufträgen und Updates."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirService]

"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirService]

"DisplayName"="Avira Echtzeit-Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirService]

"Description"="Bietet permanenten Schutz vor Viren und Malware mit der Avira Suchengine."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirWebService]

"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirWebService]

"DisplayName"="Avira Browser-Schutz"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirWebService]

"Description"="Bietet Webbrowsern permanenten Schutz vor Viren und Malware mit der Avira Suchengine."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avgntflt]

"Description"="Avira mini-filter driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avipbb]

"Description"="Avira Security Enhancement Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avipbb]

"Group"="Avira"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avira.OE.ServiceHost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avira.OE.ServiceHost]

"ImagePath"=""C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avira.OE.ServiceHost]

"DisplayName"="Avira Service Host"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avira.OE.ServiceHost]

"Description"="Service Host for Avira"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avkmgr]

"Description"="Avira Manager Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avkmgr]

"Group"="Avira"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Avira Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Avira Antivirus]

"CategoryMessageFile"="C:\Program Files (x86)\Avira\AntiVir Desktop\avevtrc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Avira Antivirus]

"EventMessageFile"="C:\Program Files (x86)\Avira\AntiVir Desktop\avevtrc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Avira Service Host]

[HKEY_USERS\.DEFAULT\Software\Avira]

[HKEY_USERS\.DEFAULT\Software\Avira\My Avira]

[HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Avira]

[HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de]

[HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de]

[HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wwwavira.de]

[HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de]

[HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de]

[HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\wwwavira.de]

[HKEY_USERS\S-1-5-18\Software\Avira]

[HKEY_USERS\S-1-5-18\Software\Avira\My Avira]
 

-= EOF =-

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01

Ran by basti (administrator) on BASTI-PC on 15-12-2014 07:27:01

Running from C:\Users\basti\Downloads

Loaded Profiles: UpdatusUser & basti &  (Available profiles: UpdatusUser & basti)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Samsung) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

() C:\Windows\System32\WTMKM.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

() C:\ProgramData\DatacardService\HWDeviceService64.exe

(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe

(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

() C:\Windows\System32\atwtusb.exe

() C:\Windows\System32\atwtusb.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe

(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(MAGIX AG) C:\Program Files (x86)\MAGIX\Music_Maker_MX\MusicMaker.exe

(MAGIX AG) C:\Program Files (x86)\MAGIX\Music_Maker_MX\Online\MagixOfa.exe

(MAGIX®) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2784552 2011-05-13] (Synaptics Incorporated)

HKLM\...\Run: [MacrokeyManager] => C:\windows\system32\WTMKM.exe [12482048 2012-03-07] ()

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\EpmNews.exe

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\RunOnce: [Search Extensions Program Files Data Uninstall] => cmd /C rd /Q /S "C:\Program Files (x86)\Search Extensions"

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1656143743-13120863-1912775482-1000\...\MountPoints2: {ae2690bd-68e5-11e1-9b16-806e6f6e6963} - E:\SETUP.EXE

HKU\S-1-5-21-1656143743-13120863-1912775482-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ae2690bd-68e5-11e1-9b16-806e6f6e6963} - E:\SETUP.EXE

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30526056 2014-11-06] (Skype Technologies S.A.)

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {18b4a11c-68ce-11e4-a530-e8039aabf19f} - F:\EasySuite.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {1bc512c3-6432-11e4-a10e-e8039aabf19f} - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {4713a888-69c2-11e4-855b-e8039aabf19f} - F:\AutoRun.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {4713a8a4-69c2-11e4-855b-e8039aabf19f} - F:\AutoRun.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {8fd23007-f429-11e3-82b0-e8039aabf19f} - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {8fd23055-f429-11e3-82b0-e8039aabf19f} - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {c6868b6f-ba5c-11e2-862f-e8039aabf19f} - F:\pushinst.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30526056 2014-11-06] (Skype Technologies S.A.)

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {18b4a11c-68ce-11e4-a530-e8039aabf19f} - F:\EasySuite.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1bc512c3-6432-11e4-a10e-e8039aabf19f} - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4713a888-69c2-11e4-855b-e8039aabf19f} - F:\AutoRun.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4713a8a4-69c2-11e4-855b-e8039aabf19f} - F:\AutoRun.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8fd23007-f429-11e3-82b0-e8039aabf19f} - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8fd23055-f429-11e3-82b0-e8039aabf19f} - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c6868b6f-ba5c-11e2-862f-e8039aabf19f} - F:\pushinst.exe

AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (No File)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

BootExecute: autocheck autochk * sdnclean64.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKU\S-1-5-21-1656143743-13120863-1912775482-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKU\S-1-5-21-1656143743-13120863-1912775482-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKU\S-1-5-21-1656143743-13120863-1912775482-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-1656143743-13120863-1912775482-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com

HKU\S-1-5-21-1656143743-13120863-1912775482-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com

SearchScopes: HKLM-x32 -> DefaultScope value is missing.

SearchScopes: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> {897486ED-9287-4939-B19A-4A0A0B9C2EFF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=31AFF370-5EA2-4949-8311-EE662C9F6D7C&apn_sauid=1CFF06F3-42B2-4022-8E49-7A6BC9C27968

SearchScopes: HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {897486ED-9287-4939-B19A-4A0A0B9C2EFF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=31AFF370-5EA2-4949-8311-EE662C9F6D7C&apn_sauid=1CFF06F3-42B2-4022-8E49-7A6BC9C27968

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)

Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{D1E9C4FE-3969-4380-A416-2B8F2EBE2E99}: [NameServer] 10.74.210.210 10.74.210.211
 

FireFox:

========

FF ProfilePath: C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default

FF SearchEngineOrder.1: Ask.com

FF SearchEngineOrder.3: Bing 

FF Homepage: about:home

FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=

FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()

FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 -> C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File

FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 -> C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF SearchPlugin: C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default\searchplugins\google-images.xml

FF SearchPlugin: C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default\searchplugins\google-maps.xml

FF Extension: Avira Browser Safety - C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default\Extensions\abs@avira.com [2014-11-25]

FF Extension: Download videos and MP3s from YouTube - C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-11]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-10]

FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2014-12-10]

FF HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

FF HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default\extensions\cliqz@cliqz.com

FF HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-11]

FF HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default\extensions\cliqz@cliqz.com

FF HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
 

Chrome: 

=======

CHR HomePage: Default -> hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP

CHR StartupUrls: Default -> "hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP"

CHR DefaultSearchKeyword: Default -> bing.com

CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}

CHR DefaultSuggestURL: Default -> hxxp://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=UP97DF&PC=UP97

CHR Profile: C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-14]

CHR Extension: (Google Drive) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-14]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-08]

CHR Extension: (YouTube) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-14]

CHR Extension: (Google-Suche) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-14]

CHR Extension: (Avira Browserschutz) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-08]

CHR Extension: (Skype Click to Call) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-08]

CHR Extension: (Google Wallet) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-14]

CHR Extension: (Google Mail) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-14]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]

R3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]

R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]

R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)

R2 WTService; C:\windows\system32\atwtusb.exe [584192 2012-02-07] () [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-31] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-31] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)

U0 hobgmy; C:\Windows\System32\drivers\isrq.sys [79064 2014-12-15] (Malwarebytes Corporation)

S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2014-11-11] (Huawei Technologies Co., Ltd.)

R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)

S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-05-05] (Windows (R) 2003 DDK 3790 provider)

R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)

R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)

S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]

S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]

S3 btath_avdt; system32\drivers\btath_avdt.sys [X]

S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]

S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]

S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]

S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]

S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-15 07:27 - 2014-12-15 07:27 - 00025659 _____ () C:\Users\basti\Downloads\FRST.txt

2014-12-15 07:26 - 2014-12-15 07:27 - 00000000 ____D () C:\FRST

2014-12-15 07:25 - 2014-12-15 07:25 - 02119168 _____ (Farbar) C:\Users\basti\Downloads\FRST64.exe

2014-12-15 02:05 - 2014-12-15 02:05 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\isrq.sys

2014-12-11 03:08 - 2014-12-11 03:08 - 00000000 ____D () C:\windows\system32\appraiser

2014-12-11 03:02 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll

2014-12-11 03:02 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll

2014-12-11 03:02 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll

2014-12-11 03:02 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe

2014-12-11 03:02 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe

2014-12-11 03:02 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll

2014-12-11 03:02 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll

2014-12-11 03:02 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe

2014-12-11 03:02 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe

2014-12-11 03:02 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll

2014-12-10 09:33 - 2014-12-10 09:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-12-10 07:47 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll

2014-12-10 07:47 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll

2014-12-10 07:47 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll

2014-12-10 07:47 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll

2014-12-10 07:47 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll

2014-12-10 07:47 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll

2014-12-10 07:47 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

2014-12-10 07:47 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe

2014-12-10 07:47 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2014-12-10 07:47 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2014-12-10 07:47 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2014-12-10 07:47 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2014-12-10 07:47 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2014-12-10 07:47 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2014-12-10 07:47 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2014-12-10 07:47 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2014-12-10 07:47 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2014-12-10 07:47 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll

2014-12-10 07:47 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2014-12-10 07:47 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2014-12-10 07:47 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2014-12-10 07:47 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2014-12-10 07:47 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2014-12-10 07:47 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2014-12-10 07:47 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2014-12-10 07:47 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2014-12-10 07:47 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2014-12-10 07:47 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2014-12-10 07:47 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2014-12-10 07:47 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2014-12-10 07:47 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2014-12-10 07:47 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2014-12-10 07:47 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2014-12-10 07:47 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2014-12-10 07:47 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll

2014-12-10 07:47 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2014-12-10 07:47 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll

2014-12-10 07:47 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2014-12-10 07:47 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2014-12-10 07:47 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2014-12-10 07:47 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2014-12-10 07:47 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

2014-12-10 07:47 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll

2014-12-10 07:47 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2014-12-10 07:47 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2014-12-10 07:47 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2014-12-10 07:47 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2014-12-10 07:47 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2014-12-10 07:47 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2014-12-10 07:47 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-10 07:47 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2014-12-10 07:47 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2014-12-10 07:47 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2014-12-10 07:47 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2014-12-10 07:47 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2014-12-10 07:47 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2014-12-10 07:47 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2014-12-10 07:47 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll

2014-12-10 07:47 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2014-12-10 07:47 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2014-12-10 07:47 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2014-12-10 07:47 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2014-12-10 07:47 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2014-12-10 07:47 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2014-12-10 07:47 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll

2014-12-10 07:47 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll

2014-12-10 07:47 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys

2014-12-10 07:46 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll

2014-12-10 07:46 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll

2014-12-10 07:46 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe

2014-12-10 07:46 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe

2014-12-10 07:46 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll

2014-12-10 07:46 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll

2014-12-10 07:46 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll

2014-12-10 07:46 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll

2014-12-10 07:46 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe

2014-12-10 07:46 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll

2014-12-10 07:46 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-10 07:46 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll

2014-12-10 07:46 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll

2014-12-10 07:46 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe

2014-12-02 13:04 - 2014-12-12 19:43 - 00000896 _____ () C:\windows\setupact.log

2014-12-02 13:04 - 2014-12-02 13:04 - 00000000 _____ () C:\windows\setuperr.log

2014-11-30 00:44 - 2014-11-30 00:44 - 00000000 __SHD () C:\Users\basti\AppData\Local\EmieBrowserModeList

2014-11-29 09:30 - 2014-11-29 09:30 - 00000000 ____D () C:\Users\basti\AppData\Local\{B9323654-826A-4D36-AD33-B6E531320ABB}

2014-11-28 13:54 - 2014-11-28 13:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\basti\Downloads\revosetup95.exe

2014-11-28 13:54 - 2014-11-28 13:54 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-11-27 00:31 - 2014-12-14 21:58 - 00000000 ____D () C:\Users\basti\AppData\Roaming\FileAdvisor

2014-11-26 21:58 - 2014-12-15 01:40 - 00000000 ____D () C:\Program Files (x86)\Search Extensions

2014-11-26 21:57 - 2014-12-02 08:29 - 00000000 ____D () C:\Users\basti\AppData\Roaming\Free YouTube to MP3 Converter Studio

2014-11-26 21:57 - 2014-11-26 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube to MP3 Converter Studio

2014-11-26 21:57 - 2014-11-26 21:57 - 00000000 ____D () C:\Program Files (x86)\Free YouTube to MP3 Converter Studio

2014-11-26 21:55 - 2014-11-26 21:55 - 11872560 _____ (mediaprolab.com ) C:\Users\basti\Downloads\youtube-to-mp3-converter(1).exe

2014-11-26 21:55 - 2014-11-26 21:55 - 00234912 _____ (Download.com) C:\Users\basti\Downloads\youtube-to-mp3-converter.exe

2014-11-26 21:07 - 2014-12-14 08:38 - 00003518 _____ () C:\windows\System32\Tasks\FileAdvisorCheck

2014-11-26 21:07 - 2014-12-14 08:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor

2014-11-26 21:07 - 2014-12-14 08:37 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor

2014-11-26 21:07 - 2014-11-26 21:58 - 00003594 _____ () C:\windows\System32\Tasks\FileAdvisorUpdate

2014-11-26 21:07 - 2014-11-26 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter

2014-11-26 21:07 - 2014-11-26 21:07 - 00000000 ____D () C:\Program Files (x86)\Free M4a to MP3 Converter

2014-11-26 21:05 - 2014-11-26 21:05 - 01169232 _____ () C:\Users\basti\Downloads\Free M4a to MP3 Converter - CHIP-Installer.exe

2014-11-25 12:58 - 2014-11-26 21:04 - 00000000 ____D () C:\Output

2014-11-25 12:57 - 2014-11-25 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4 To MP3 Converter

2014-11-25 12:57 - 2014-11-25 12:57 - 00000000 ____D () C:\MP4ToMP3Converter

2014-11-25 12:55 - 2014-11-25 12:55 - 01169232 _____ () C:\Users\basti\Downloads\MP4 to MP3 Converter - CHIP-Installer.exe

2014-11-18 21:27 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2014-11-18 21:27 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll

2014-11-18 21:27 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll

2014-11-18 21:27 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-15 07:23 - 2012-07-22 12:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-12-15 07:03 - 2014-06-14 21:58 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-15 06:29 - 2012-08-05 18:17 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2014-12-15 05:12 - 2012-03-08 23:10 - 01391723 _____ () C:\windows\WindowsUpdate.log

2014-12-15 02:05 - 2012-03-08 22:19 - 00000000 ____D () C:\windows\ShellNew

2014-12-15 01:43 - 2014-06-28 19:33 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-15 01:42 - 2014-06-28 19:33 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-12-15 01:42 - 2014-06-28 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-15 01:42 - 2014-06-28 19:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-15 01:41 - 2012-06-28 16:17 - 00000000 ____D () C:\Users\basti\AppData\Roaming\Skype

2014-12-14 16:08 - 2014-06-14 21:58 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-12 19:52 - 2009-07-14 05:45 - 00028624 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-12 19:52 - 2009-07-14 05:45 - 00028624 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-12 19:44 - 2009-07-14 03:34 - 00000418 _____ () C:\windows\win.ini

2014-12-12 19:43 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-12-12 14:59 - 2014-10-31 14:03 - 00001097 _____ () C:\Users\Public\Desktop\Avira.lnk

2014-12-12 14:59 - 2014-10-31 13:55 - 00000000 ____D () C:\ProgramData\Package Cache

2014-12-12 14:59 - 2013-05-30 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-12-12 14:59 - 2013-05-30 18:34 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-12-11 03:43 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache

2014-12-11 03:08 - 2014-05-10 18:20 - 00000000 ___SD () C:\windows\system32\CompatTel

2014-12-11 03:08 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions

2014-12-11 03:08 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\AppCompat

2014-12-11 03:06 - 2013-08-27 16:11 - 00000000 ____D () C:\windows\system32\MRT

2014-12-11 03:03 - 2012-08-07 13:16 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-12-10 08:29 - 2012-08-05 18:17 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2014-12-10 08:29 - 2012-08-05 18:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-10 08:29 - 2012-08-05 18:17 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

2014-12-10 07:35 - 2014-06-14 21:59 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-12-02 13:16 - 2012-06-25 09:43 - 00000000 ____D () C:\Program Files (x86)\phase5

2014-12-01 20:43 - 2014-02-28 20:40 - 00000000 ____D () C:\Users\basti\AppData\Local\Windows Live

2014-12-01 10:43 - 2012-06-02 11:04 - 00000132 _____ () C:\Users\basti\AppData\Roaming\Adobe PNG Format CS5 Prefs

2014-11-29 09:55 - 2014-06-17 23:34 - 00000000 ____D () C:\Users\basti\Documents\Youcam

2014-11-26 21:20 - 2014-11-06 21:42 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}

2014-11-21 06:14 - 2014-06-28 19:33 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys

2014-11-21 06:14 - 2014-06-28 19:33 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys

2014-11-21 06:14 - 2014-06-28 19:33 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

2014-11-18 22:28 - 2012-06-01 14:08 - 00000000 ____D () C:\Users\basti\AppData\Local\VirtualStore

2014-11-18 21:31 - 2012-03-08 06:40 - 00000000 ____D () C:\ProgramData\SAMSUNG

2014-11-18 21:31 - 2012-03-08 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung

2014-11-18 21:31 - 2012-03-08 06:38 - 00000000 ____D () C:\Program Files (x86)\Samsung

2014-11-15 14:58 - 2014-06-14 21:58 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-11-15 14:58 - 2014-06-14 21:58 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
 

Some content of TEMP:

====================

C:\Users\basti\AppData\Local\Temp\avgnt.exe

C:\Users\basti\AppData\Local\Temp\System.Data.SQLite.dll

C:\Users\basti\AppData\Local\Temp\System.Data.SQLitefeb652fb-2f33-43df-9a1b-b3dfa7142c88.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-12-05 13:47
 

==================== End Of Log ============================

--- --- ---

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01

Ran by basti (administrator) on BASTI-PC on 15-12-2014 07:27:01

Running from C:\Users\basti\Downloads

Loaded Profiles: UpdatusUser & basti &  (Available profiles: UpdatusUser & basti)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Samsung) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

() C:\Windows\System32\WTMKM.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

() C:\ProgramData\DatacardService\HWDeviceService64.exe

(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe

(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

() C:\Windows\System32\atwtusb.exe

() C:\Windows\System32\atwtusb.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe

(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(MAGIX AG) C:\Program Files (x86)\MAGIX\Music_Maker_MX\MusicMaker.exe

(MAGIX AG) C:\Program Files (x86)\MAGIX\Music_Maker_MX\Online\MagixOfa.exe

(MAGIX®) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2784552 2011-05-13] (Synaptics Incorporated)

HKLM\...\Run: [MacrokeyManager] => C:\windows\system32\WTMKM.exe [12482048 2012-03-07] ()

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\EpmNews.exe

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\RunOnce: [Search Extensions Program Files Data Uninstall] => cmd /C rd /Q /S "C:\Program Files (x86)\Search Extensions"

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1656143743-13120863-1912775482-1000\...\MountPoints2: {ae2690bd-68e5-11e1-9b16-806e6f6e6963} - E:\SETUP.EXE

HKU\S-1-5-21-1656143743-13120863-1912775482-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ae2690bd-68e5-11e1-9b16-806e6f6e6963} - E:\SETUP.EXE

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30526056 2014-11-06] (Skype Technologies S.A.)

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {18b4a11c-68ce-11e4-a530-e8039aabf19f} - F:\EasySuite.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {1bc512c3-6432-11e4-a10e-e8039aabf19f} - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {4713a888-69c2-11e4-855b-e8039aabf19f} - F:\AutoRun.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {4713a8a4-69c2-11e4-855b-e8039aabf19f} - F:\AutoRun.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {8fd23007-f429-11e3-82b0-e8039aabf19f} - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {8fd23055-f429-11e3-82b0-e8039aabf19f} - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {c6868b6f-ba5c-11e2-862f-e8039aabf19f} - F:\pushinst.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30526056 2014-11-06] (Skype Technologies S.A.)

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {18b4a11c-68ce-11e4-a530-e8039aabf19f} - F:\EasySuite.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1bc512c3-6432-11e4-a10e-e8039aabf19f} - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4713a888-69c2-11e4-855b-e8039aabf19f} - F:\AutoRun.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4713a8a4-69c2-11e4-855b-e8039aabf19f} - F:\AutoRun.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8fd23007-f429-11e3-82b0-e8039aabf19f} - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8fd23055-f429-11e3-82b0-e8039aabf19f} - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c6868b6f-ba5c-11e2-862f-e8039aabf19f} - F:\pushinst.exe

AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (No File)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

BootExecute: autocheck autochk * sdnclean64.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKU\S-1-5-21-1656143743-13120863-1912775482-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKU\S-1-5-21-1656143743-13120863-1912775482-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKU\S-1-5-21-1656143743-13120863-1912775482-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-1656143743-13120863-1912775482-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com

HKU\S-1-5-21-1656143743-13120863-1912775482-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP

HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com

SearchScopes: HKLM-x32 -> DefaultScope value is missing.

SearchScopes: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> {897486ED-9287-4939-B19A-4A0A0B9C2EFF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=31AFF370-5EA2-4949-8311-EE662C9F6D7C&apn_sauid=1CFF06F3-42B2-4022-8E49-7A6BC9C27968

SearchScopes: HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {897486ED-9287-4939-B19A-4A0A0B9C2EFF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=31AFF370-5EA2-4949-8311-EE662C9F6D7C&apn_sauid=1CFF06F3-42B2-4022-8E49-7A6BC9C27968

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)

Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{D1E9C4FE-3969-4380-A416-2B8F2EBE2E99}: [NameServer] 10.74.210.210 10.74.210.211
 

FireFox:

========

FF ProfilePath: C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default

FF SearchEngineOrder.1: Ask.com

FF SearchEngineOrder.3: Bing 

FF Homepage: about:home

FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=

FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()

FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 -> C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File

FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 -> C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF SearchPlugin: C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default\searchplugins\google-images.xml

FF SearchPlugin: C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default\searchplugins\google-maps.xml

FF Extension: Avira Browser Safety - C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default\Extensions\abs@avira.com [2014-11-25]

FF Extension: Download videos and MP3s from YouTube - C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-11]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-10]

FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2014-12-10]

FF HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

FF HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default\extensions\cliqz@cliqz.com

FF HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-11]

FF HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default\extensions\cliqz@cliqz.com

FF HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
 

Chrome: 

=======

CHR HomePage: Default -> hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP

CHR StartupUrls: Default -> "hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP"

CHR DefaultSearchKeyword: Default -> bing.com

CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}

CHR DefaultSuggestURL: Default -> hxxp://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=UP97DF&PC=UP97

CHR Profile: C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-14]

CHR Extension: (Google Drive) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-14]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-08]

CHR Extension: (YouTube) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-14]

CHR Extension: (Google-Suche) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-14]

CHR Extension: (Avira Browserschutz) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-08]

CHR Extension: (Skype Click to Call) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-08]

CHR Extension: (Google Wallet) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-14]

CHR Extension: (Google Mail) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-14]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]

R3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]

R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]

R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)

R2 WTService; C:\windows\system32\atwtusb.exe [584192 2012-02-07] () [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-31] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-31] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)

U0 hobgmy; C:\Windows\System32\drivers\isrq.sys [79064 2014-12-15] (Malwarebytes Corporation)

S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2014-11-11] (Huawei Technologies Co., Ltd.)

R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)

S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-05-05] (Windows (R) 2003 DDK 3790 provider)

R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)

R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)

S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]

S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]

S3 btath_avdt; system32\drivers\btath_avdt.sys [X]

S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]

S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]

S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]

S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]

S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-15 07:27 - 2014-12-15 07:27 - 00025659 _____ () C:\Users\basti\Downloads\FRST.txt

2014-12-15 07:26 - 2014-12-15 07:27 - 00000000 ____D () C:\FRST

2014-12-15 07:25 - 2014-12-15 07:25 - 02119168 _____ (Farbar) C:\Users\basti\Downloads\FRST64.exe

2014-12-15 02:05 - 2014-12-15 02:05 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\isrq.sys

2014-12-11 03:08 - 2014-12-11 03:08 - 00000000 ____D () C:\windows\system32\appraiser

2014-12-11 03:02 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll

2014-12-11 03:02 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll

2014-12-11 03:02 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll

2014-12-11 03:02 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe

2014-12-11 03:02 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe

2014-12-11 03:02 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll

2014-12-11 03:02 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll

2014-12-11 03:02 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe

2014-12-11 03:02 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe

2014-12-11 03:02 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll

2014-12-10 09:33 - 2014-12-10 09:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-12-10 07:47 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll

2014-12-10 07:47 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll

2014-12-10 07:47 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll

2014-12-10 07:47 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll

2014-12-10 07:47 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll

2014-12-10 07:47 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll

2014-12-10 07:47 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

2014-12-10 07:47 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe

2014-12-10 07:47 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2014-12-10 07:47 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2014-12-10 07:47 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2014-12-10 07:47 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2014-12-10 07:47 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2014-12-10 07:47 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2014-12-10 07:47 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2014-12-10 07:47 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2014-12-10 07:47 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2014-12-10 07:47 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll

2014-12-10 07:47 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2014-12-10 07:47 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2014-12-10 07:47 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2014-12-10 07:47 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2014-12-10 07:47 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2014-12-10 07:47 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2014-12-10 07:47 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2014-12-10 07:47 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2014-12-10 07:47 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2014-12-10 07:47 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2014-12-10 07:47 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2014-12-10 07:47 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2014-12-10 07:47 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2014-12-10 07:47 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2014-12-10 07:47 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2014-12-10 07:47 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2014-12-10 07:47 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll

2014-12-10 07:47 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2014-12-10 07:47 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll

2014-12-10 07:47 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2014-12-10 07:47 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2014-12-10 07:47 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2014-12-10 07:47 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2014-12-10 07:47 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

2014-12-10 07:47 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll

2014-12-10 07:47 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2014-12-10 07:47 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2014-12-10 07:47 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2014-12-10 07:47 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2014-12-10 07:47 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2014-12-10 07:47 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2014-12-10 07:47 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-10 07:47 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2014-12-10 07:47 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2014-12-10 07:47 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2014-12-10 07:47 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2014-12-10 07:47 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2014-12-10 07:47 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2014-12-10 07:47 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2014-12-10 07:47 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll

2014-12-10 07:47 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2014-12-10 07:47 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2014-12-10 07:47 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2014-12-10 07:47 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2014-12-10 07:47 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2014-12-10 07:47 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2014-12-10 07:47 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll

2014-12-10 07:47 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll

2014-12-10 07:47 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys

2014-12-10 07:46 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll

2014-12-10 07:46 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll

2014-12-10 07:46 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe

2014-12-10 07:46 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe

2014-12-10 07:46 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll

2014-12-10 07:46 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll

2014-12-10 07:46 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll

2014-12-10 07:46 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll

2014-12-10 07:46 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe

2014-12-10 07:46 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll

2014-12-10 07:46 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-10 07:46 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll

2014-12-10 07:46 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll

2014-12-10 07:46 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe

2014-12-02 13:04 - 2014-12-12 19:43 - 00000896 _____ () C:\windows\setupact.log

2014-12-02 13:04 - 2014-12-02 13:04 - 00000000 _____ () C:\windows\setuperr.log

2014-11-30 00:44 - 2014-11-30 00:44 - 00000000 __SHD () C:\Users\basti\AppData\Local\EmieBrowserModeList

2014-11-29 09:30 - 2014-11-29 09:30 - 00000000 ____D () C:\Users\basti\AppData\Local\{B9323654-826A-4D36-AD33-B6E531320ABB}

2014-11-28 13:54 - 2014-11-28 13:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\basti\Downloads\revosetup95.exe

2014-11-28 13:54 - 2014-11-28 13:54 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-11-27 00:31 - 2014-12-14 21:58 - 00000000 ____D () C:\Users\basti\AppData\Roaming\FileAdvisor

2014-11-26 21:58 - 2014-12-15 01:40 - 00000000 ____D () C:\Program Files (x86)\Search Extensions

2014-11-26 21:57 - 2014-12-02 08:29 - 00000000 ____D () C:\Users\basti\AppData\Roaming\Free YouTube to MP3 Converter Studio

2014-11-26 21:57 - 2014-11-26 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube to MP3 Converter Studio

2014-11-26 21:57 - 2014-11-26 21:57 - 00000000 ____D () C:\Program Files (x86)\Free YouTube to MP3 Converter Studio

2014-11-26 21:55 - 2014-11-26 21:55 - 11872560 _____ (mediaprolab.com ) C:\Users\basti\Downloads\youtube-to-mp3-converter(1).exe

2014-11-26 21:55 - 2014-11-26 21:55 - 00234912 _____ (Download.com) C:\Users\basti\Downloads\youtube-to-mp3-converter.exe

2014-11-26 21:07 - 2014-12-14 08:38 - 00003518 _____ () C:\windows\System32\Tasks\FileAdvisorCheck

2014-11-26 21:07 - 2014-12-14 08:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor

2014-11-26 21:07 - 2014-12-14 08:37 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor

2014-11-26 21:07 - 2014-11-26 21:58 - 00003594 _____ () C:\windows\System32\Tasks\FileAdvisorUpdate

2014-11-26 21:07 - 2014-11-26 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter

2014-11-26 21:07 - 2014-11-26 21:07 - 00000000 ____D () C:\Program Files (x86)\Free M4a to MP3 Converter

2014-11-26 21:05 - 2014-11-26 21:05 - 01169232 _____ () C:\Users\basti\Downloads\Free M4a to MP3 Converter - CHIP-Installer.exe

2014-11-25 12:58 - 2014-11-26 21:04 - 00000000 ____D () C:\Output

2014-11-25 12:57 - 2014-11-25 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4 To MP3 Converter

2014-11-25 12:57 - 2014-11-25 12:57 - 00000000 ____D () C:\MP4ToMP3Converter

2014-11-25 12:55 - 2014-11-25 12:55 - 01169232 _____ () C:\Users\basti\Downloads\MP4 to MP3 Converter - CHIP-Installer.exe

2014-11-18 21:27 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2014-11-18 21:27 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll

2014-11-18 21:27 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll

2014-11-18 21:27 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-15 07:23 - 2012-07-22 12:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-12-15 07:03 - 2014-06-14 21:58 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-15 06:29 - 2012-08-05 18:17 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2014-12-15 05:12 - 2012-03-08 23:10 - 01391723 _____ () C:\windows\WindowsUpdate.log

2014-12-15 02:05 - 2012-03-08 22:19 - 00000000 ____D () C:\windows\ShellNew

2014-12-15 01:43 - 2014-06-28 19:33 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-15 01:42 - 2014-06-28 19:33 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-12-15 01:42 - 2014-06-28 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-15 01:42 - 2014-06-28 19:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-15 01:41 - 2012-06-28 16:17 - 00000000 ____D () C:\Users\basti\AppData\Roaming\Skype

2014-12-14 16:08 - 2014-06-14 21:58 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-12 19:52 - 2009-07-14 05:45 - 00028624 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-12 19:52 - 2009-07-14 05:45 - 00028624 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-12 19:44 - 2009-07-14 03:34 - 00000418 _____ () C:\windows\win.ini

2014-12-12 19:43 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-12-12 14:59 - 2014-10-31 14:03 - 00001097 _____ () C:\Users\Public\Desktop\Avira.lnk

2014-12-12 14:59 - 2014-10-31 13:55 - 00000000 ____D () C:\ProgramData\Package Cache

2014-12-12 14:59 - 2013-05-30 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-12-12 14:59 - 2013-05-30 18:34 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-12-11 03:43 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache

2014-12-11 03:08 - 2014-05-10 18:20 - 00000000 ___SD () C:\windows\system32\CompatTel

2014-12-11 03:08 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions

2014-12-11 03:08 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\AppCompat

2014-12-11 03:06 - 2013-08-27 16:11 - 00000000 ____D () C:\windows\system32\MRT

2014-12-11 03:03 - 2012-08-07 13:16 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-12-10 08:29 - 2012-08-05 18:17 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2014-12-10 08:29 - 2012-08-05 18:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-10 08:29 - 2012-08-05 18:17 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

2014-12-10 07:35 - 2014-06-14 21:59 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-12-02 13:16 - 2012-06-25 09:43 - 00000000 ____D () C:\Program Files (x86)\phase5

2014-12-01 20:43 - 2014-02-28 20:40 - 00000000 ____D () C:\Users\basti\AppData\Local\Windows Live

2014-12-01 10:43 - 2012-06-02 11:04 - 00000132 _____ () C:\Users\basti\AppData\Roaming\Adobe PNG Format CS5 Prefs

2014-11-29 09:55 - 2014-06-17 23:34 - 00000000 ____D () C:\Users\basti\Documents\Youcam

2014-11-26 21:20 - 2014-11-06 21:42 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}

2014-11-21 06:14 - 2014-06-28 19:33 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys

2014-11-21 06:14 - 2014-06-28 19:33 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys

2014-11-21 06:14 - 2014-06-28 19:33 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

2014-11-18 22:28 - 2012-06-01 14:08 - 00000000 ____D () C:\Users\basti\AppData\Local\VirtualStore

2014-11-18 21:31 - 2012-03-08 06:40 - 00000000 ____D () C:\ProgramData\SAMSUNG

2014-11-18 21:31 - 2012-03-08 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung

2014-11-18 21:31 - 2012-03-08 06:38 - 00000000 ____D () C:\Program Files (x86)\Samsung

2014-11-15 14:58 - 2014-06-14 21:58 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-11-15 14:58 - 2014-06-14 21:58 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
 

Some content of TEMP:

====================

C:\Users\basti\AppData\Local\Temp\avgnt.exe

C:\Users\basti\AppData\Local\Temp\System.Data.SQLite.dll

C:\Users\basti\AppData\Local\Temp\System.Data.SQLitefeb652fb-2f33-43df-9a1b-b3dfa7142c88.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-12-05 13:47
 

==================== End Of Log ============================

--- --- ---