Hier die Auswertung:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-12-2014
Ran by Leader (administrator) on LEADER-PC on 10-12-2014 15:28:36
Running from D:\Downloads
Loaded Profile: Leader (Available profiles: Leader)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\LPT\srpts.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\LPT\srptsl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Users\Leader\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Smartbar) C:\Users\Leader\AppData\Local\Smartbar\Application\Smartbar.exe
(Spotify Ltd) C:\Users\Leader\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
() C:\Users\Leader\AppData\Local\Smartbar\Application\Lrcnta.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2718538848-1131795353-200091746-1002\...\Run: [Amazon Music] => C:\Users\Leader\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-2718538848-1131795353-200091746-1002\...\Run: [Browser Infrastructure Helper] => C:\Users\Leader\AppData\Local\Smartbar\Application\Smartbar.exe [29696 2014-08-27] (Smartbar)
HKU\S-1-5-21-2718538848-1131795353-200091746-1002\...\Run: [Spotify Web Helper] => C:\Users\Leader\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-26] (Spotify Ltd)
HKU\S-1-5-21-2718538848-1131795353-200091746-1002\...\MountPoints2: {684c0762-98be-11e3-a12f-6817293931ee} - F:\AutoRun.exe
HKU\S-1-5-21-2718538848-1131795353-200091746-1002\...\MountPoints2: {96f9cc0e-a205-11e3-a98e-94de80a213ab} - E:\AutoRun.exe
HKU\S-1-5-21-2718538848-1131795353-200091746-1002\...\MountPoints2: {b65b4720-9d70-11e3-af71-94de80a213ab} - E:\AutoRun.exe
HKU\S-1-5-21-2718538848-1131795353-200091746-1002\...\MountPoints2: {d716dcdb-a214-11e3-a4a9-94de80a213ab} - F:\AutoRun.exe
HKU\S-1-5-21-2718538848-1131795353-200091746-1002\...\MountPoints2: {dbcaa63b-89af-11e3-bd14-806e6f6e6963} - E:\cdstart.exe
HKU\S-1-5-21-2718538848-1131795353-200091746-1002\...\MountPoints2: {ef997af2-98be-11e3-a438-6817293931ea} - F:\AutoRun.exe
HKU\S-1-5-21-2718538848-1131795353-200091746-1002\...\MountPoints2: {f9fad6e9-93dd-11e3-9506-6817293931ee} - H:\HTC_Sync_Manager_PC.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2718538848-1131795353-200091746-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-WGeuWajRyPhiCIURp0nBczSsWkZptCAAJ1osoob6B1ysaPl7iolvgle1xbXmx73tE5jRyv0gd6HmM-7MO1ZQaXDidj2alVDWJcNhOvJ2oujKJj7xSznp8o9Bqi2FEgSKhGN9k4AmxQ_O62ukBYcnEwHwVLg4Xg,,
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-WGeuWajRyPhiCIURp0nBczSsWkZptCAAJ1osoob6B1ysaPl7iolvgle1xbXmx73hWkn5pgo8oZesdBuymDfYqxAqERcBuHLnTMaWwxwXSM-BmRSzqA1QKAL1Ian2RJ0coBI5VnhJr0XiQqek_35wYZGJiNJXyw,,&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-WGeuWajRyPhiCIURp0nBczSsWkZptCAAJ1osoob6B1ysaPl7iolvgle1xbXmx73hWkn5pgo8oZesdBuymDfYqxAqERcBuHLnTMaWwxwXSM-BmRSzqA1QKAL1Ian2RJ0coBI5VnhJr0XiQqek_35wYZGJiNJXyw,,&q={searchTerms}
HKU\S-1-5-21-2718538848-1131795353-200091746-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-WGeuWajRyPhiCIURp0nBczSsWkZptCAAJ1osoob6B1ysaPl7iolvgle1xbXmx73hWkn5pgo8oZesdBuymDfYqxAqERcBuHLnTMaWwxwXSM-BmRSzqA1QKAL1Ian2RJ0coBI5VnhJr0XiQqek_35wYZGJiNJXyw,,&q={searchTerms}
HKU\S-1-5-21-2718538848-1131795353-200091746-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-WGeuWajRyPhiCIURp0nBczSsWkZptCAAJ1osoob6B1ysaPl7iolvgle1xbXmx73tE5jRyv0gd6HmM-7MO1ZQaXDidj2alVDWJcNhOvJ2oujKJj7xSznp8o9Bqi2FEgSKhGN9k4AmxQ_O62ukBYcnEwHwVLg4Xg,,
HKU\S-1-5-21-2718538848-1131795353-200091746-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKU\S-1-5-21-2718538848-1131795353-200091746-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-WGeuWajRyPhiCIURp0nBczSsWkZptCAAJ1osoob6B1ysaPl7iolvgle1xbXmx73hWkn5pgo8oZesdBuymDfYqxAqERcBuHLnTMaWwxwXSM-BmRSzqA1QKAL1Ian2RJ0coBI5VnhJr0XiQqek_35wYZGJiNJXyw,,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-WGeuWajRyPhiCIURp0nBczSsWkZptCAAJ1osoob6B1ysaPl7iolvgle1xbXmx73hWkn5pgo8oZesdBuymDfYqxAqERcBuHLnTMaWwxwXSM-BmRSzqA1QKAL1Ian2RJ0coBI5VnhJr0XiQqek_35wYZGJiNJXyw,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-WGeuWajRyPhiCIURp0nBczSsWkZptCAAJ1osoob6B1ysaPl7iolvgle1xbXmx73hWkn5pgo8oZesdBuymDfYqxAqERcBuHLnTMaWwxwXSM-BmRSzqA1QKAL1Ian2RJ0coBI5VnhJr0XiQqek_35wYZGJiNJXyw,,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-WGeuWajRyPhiCIURp0nBczSsWkZptCAAJ1osoob6B1ysaPl7iolvgle1xbXmx73hWkn5pgo8oZesdBuymDfYqxAqERcBuHLnTMaWwxwXSM-BmRSzqA1QKAL1Ian2RJ0coBI5VnhJr0XiQqek_35wYZGJiNJXyw,,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-WGeuWajRyPhiCIURp0nBczSsWkZptCAAJ1osoob6B1ysaPl7iolvgle1xbXmx73hWkn5pgo8oZesdBuymDfYqxAqERcBuHLnTMaWwxwXSM-BmRSzqA1QKAL1Ian2RJ0coBI5VnhJr0XiQqek_35wYZGJiNJXyw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2718538848-1131795353-200091746-1002 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-WGeuWajRyPhiCIURp0nBczSsWkZptCAAJ1osoob6B1ysaPl7iolvgle1xbXmx73hWkn5pgo8oZesdBuymDfYqxAqERcBuHLnTMaWwxwXSM-BmRSzqA1QKAL1Ian2RJ0coBI5VnhJr0XiQqek_35wYZGJiNJXyw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2718538848-1131795353-200091746-1002 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-WGeuWajRyPhiCIURp0nBczSsWkZptCAAJ1osoob6B1ysaPl7iolvgle1xbXmx73hWkn5pgo8oZesdBuymDfYqxAqERcBuHLnTMaWwxwXSM-BmRSzqA1QKAL1Ian2RJ0coBI5VnhJr0XiQqek_35wYZGJiNJXyw,,&q={searchTerms}
BHO: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-4300-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll" No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-4300-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll" No File
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" No File
Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Leader\AppData\Roaming\Mozilla\Firefox\Profiles\p64ude9n.default
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-WGeuWajRyPhiCIURp0nBczSsWkZptCAAJ1osoob6B1ysaPl7iolvgle1xbXmx73hWkn5pgo8oZesdBuymDfYqxAqERcBuHLnTMaWwxwXSM-BmRSzqA1QKAL1Ian2RJ0coBI5VnhJr0XiQqek_35wYZGJiNJXyw,,&q=
FF NetworkProxy: "http", "www-proxy.t-online.de"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Leader\AppData\Roaming\Mozilla\Firefox\Profiles\p64ude9n.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Leader\AppData\Roaming\Mozilla\Firefox\Profiles\p64ude9n.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Leader\AppData\Roaming\Mozilla\Firefox\Profiles\p64ude9n.default\searchplugins\Web Search.xml
FF Extension: Avira Browser Safety - C:\Users\Leader\AppData\Roaming\Mozilla\Firefox\Profiles\p64ude9n.default\Extensions\abs@avira.com [2014-11-19]
FF Extension: Download videos and MP3s from YouTube - C:\Users\Leader\AppData\Roaming\Mozilla\Firefox\Profiles\p64ude9n.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-09-02]
FF Extension: Telekom YouTube Turbo - C:\Users\Leader\AppData\Roaming\Mozilla\Firefox\Profiles\p64ude9n.default\Extensions\info@maltegoetz.de.xpi [2014-11-13]
FF HKU\S-1-5-21-2718538848-1131795353-200091746-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKU\S-1-5-21-2718538848-1131795353-200091746-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Leader\AppData\Roaming\Mozilla\Firefox\Profiles\p64ude9n.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR Profile: C:\Users\Leader\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Leader\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-03]
CHR Extension: (Google Drive) - C:\Users\Leader\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Leader\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-03]
CHR Extension: (YouTube) - C:\Users\Leader\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-03]
CHR Extension: (Google-Suche) - C:\Users\Leader\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-03]
CHR Extension: (Google Tabellen) - C:\Users\Leader\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-03]
CHR Extension: (Avira Browser Safety) - C:\Users\Leader\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-03]
CHR Extension: (Google Wallet) - C:\Users\Leader\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-03]
CHR Extension: (Google Mail) - C:\Users\Leader\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-03]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [995064 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [34304 2014-08-27] () <==== ATTENTION
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-25] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 adp3132; C:\Windows\system32\drivers\adp3132.sys [385072 2010-01-28] (Adaptec, Inc.)
S3 amdide64; C:\Windows\system32\drivers\amdide64.sys [11904 2011-12-18] (Advanced Micro Devices Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-07] (Avira Operations GmbH & Co. KG)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-27] (Intel Corporation)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-06-13] (Etron Technology Inc)
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [77040 2012-11-02] (Fresco Logic)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [26072 2012-10-18] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [652760 2012-10-18] (Intel Corporation)
S3 ISASerial; C:\Windows\system32\drivers\ISASerial.sys [72192 2008-02-20] (Windows (R) Codename Longhorn DDK provider)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2013-02-14] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2013-04-26] (Qualcomm Atheros Co., Ltd.)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-07-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S1 oxpar; C:\Windows\system32\drivers\oxpar.sys [158208 2007-01-24] (OEM)
S3 OxPCIeSer; C:\Windows\system32\drivers\OxPCIeSer.sys [101672 2008-04-04] (OEM)
S3 OxPPort; C:\Windows\system32\drivers\OxPPort.sys [98304 2008-07-31] (OEM)
S3 oxser; C:\Windows\system32\drivers\oxser.sys [98352 2009-05-26] (OEM)
S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [72192 2008-05-22] (Windows (R) Codename Longhorn DDK provider)
S3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [95744 2008-05-22] ()
S3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [126464 2008-05-22] ()
S3 PPorts; C:\Windows\system32\drivers\PPorts.sys [95744 2008-02-20] ()
S3 rusb3hub; C:\Windows\system32\drivers\rusb3hub.sys [102912 2012-03-15] (Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\system32\drivers\rusb3xhc.sys [220672 2012-03-15] (Renesas Electronics Corporation)
S3 Si3124r5; C:\Windows\system32\drivers\Si3124r5.sys [340008 2010-04-13] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22568 2010-04-13] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\drivers\SiRemFil.sys [16936 2010-04-13] (Silicon Image, Inc.)
S3 SPorts; C:\Windows\system32\drivers\SPorts.sys [124416 2008-02-20] ()
S3 StnPport; C:\Windows\system32\drivers\StnPport.sys [97280 2009-12-17] ()
S3 StnSport; C:\Windows\system32\drivers\StnSport.sys [126464 2009-11-14] ()
S3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NmPar; \SystemRoot\system32\drivers\NmPar.sys [X]
S3 nmserial; \SystemRoot\system32\drivers\nmserial.sys [X]
S3 Oxmfuf; \SystemRoot\system32\drivers\oxmfuf.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-10 15:28 - 2014-12-10 15:28 - 00000000 ____D () C:\FRST
2014-12-10 15:20 - 2014-12-10 15:20 - 00011298 _____ () C:\Users\Leader\Desktop\Ereignisse.txt
2014-12-09 20:03 - 2014-12-09 20:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-09 20:02 - 2014-12-09 20:02 - 00000000 ____D () C:\Users\Leader\AppData\Roaming\Cliqz
2014-12-09 20:02 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-12-09 20:02 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-12-09 19:15 - 2014-12-09 19:15 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-09 19:15 - 2014-12-09 19:15 - 00001107 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-09 19:15 - 2014-12-09 19:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-09 19:15 - 2014-12-09 19:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-09 19:14 - 2014-12-09 19:14 - 00000000 __SHD () C:\Users\Leader\AppData\Local\EmieBrowserModeList
2014-12-09 17:28 - 2014-12-09 17:29 - 00000000 ____D () C:\Users\Leader\AppData\Roaming\Dropbox
2014-11-30 23:57 - 2014-12-01 15:49 - 00000000 ____D () C:\Users\Leader\Desktop\gg
2014-11-19 17:35 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 17:35 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 17:35 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 17:35 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-13 21:17 - 2014-11-13 21:17 - 00000000 ____D () C:\Users\Leader\AppData\Local\Adobe
2014-11-12 17:51 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 17:51 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 17:51 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 17:51 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 17:51 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 17:51 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 17:51 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 17:51 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 17:51 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 17:51 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 17:51 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 17:51 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 17:51 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 17:51 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 17:51 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 17:51 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 17:51 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 17:51 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 17:51 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 17:51 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 17:51 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 17:51 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 17:51 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 17:51 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 17:51 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 17:51 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 17:51 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 17:51 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 17:51 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 17:51 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 17:51 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 17:51 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 17:51 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 17:51 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 17:51 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 17:51 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 17:51 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 17:51 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 17:51 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 17:51 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 17:51 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 17:51 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 17:51 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 17:51 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 17:51 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 17:51 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 17:51 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 17:51 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 17:51 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 17:51 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 17:51 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 17:51 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 17:51 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 17:51 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 17:51 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 17:51 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 17:46 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 17:46 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 17:46 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 17:46 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 17:46 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 17:46 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 17:46 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 17:46 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 17:46 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 17:46 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 17:46 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 17:46 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 17:41 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 17:41 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 17:41 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 17:41 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 17:41 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 17:41 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 17:41 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 17:41 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 17:41 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 17:41 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 17:41 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 17:41 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 17:41 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 17:41 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 17:41 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 17:41 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 17:41 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 17:41 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 17:41 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 17:41 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 17:41 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 17:41 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 17:41 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 17:41 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 17:41 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 17:41 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 17:40 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 17:40 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 17:40 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 17:40 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 17:40 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 17:40 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 17:40 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-10 14:54 - 2014-03-13 18:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 14:54 - 2014-03-13 18:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-10 14:54 - 2014-01-30 13:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 14:54 - 2014-01-30 13:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 14:39 - 2014-11-03 20:28 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-10 14:26 - 2009-07-14 05:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-10 14:26 - 2009-07-14 05:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-10 14:25 - 2010-11-21 07:50 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-12-10 14:25 - 2010-11-21 07:50 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-12-10 14:25 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-10 14:23 - 2014-02-01 11:02 - 01170484 _____ () C:\Windows\WindowsUpdate.log
2014-12-10 14:19 - 2014-11-03 20:28 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-10 14:18 - 2014-01-30 13:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-10 14:18 - 2010-11-21 04:47 - 00017454 _____ () C:\Windows\PFRO.log
2014-12-10 14:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-10 14:18 - 2009-07-14 05:51 - 00189771 _____ () C:\Windows\setupact.log
2014-12-09 19:39 - 2014-02-22 16:17 - 00000000 ____D () C:\Users\Leader\AppData\Roaming\vlc
2014-12-08 22:32 - 2014-02-04 19:51 - 00000000 ____D () C:\Users\Leader\AppData\Roaming\TS3Client
2014-12-02 23:29 - 2014-10-03 16:41 - 00000000 ____D () C:\Users\Leader\Desktop\fanta
2014-12-01 10:56 - 2014-11-01 18:36 - 00000000 ____D () C:\Users\Leader\Desktop\Mapls15
2014-11-30 23:59 - 2014-02-03 10:15 - 00000000 ____D () C:\Users\Leader\AppData\Local\Paint.NET
2014-11-26 17:39 - 2014-11-03 23:20 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-17 19:08 - 2014-09-29 10:42 - 00184800 _____ () C:\Windows\SysWOW64\XMLOperations.xml
2014-11-16 17:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-15 16:33 - 2014-11-03 20:28 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 16:33 - 2014-11-03 20:28 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 22:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 21:16 - 2014-07-28 17:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-13 21:15 - 2014-07-28 17:32 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-13 21:15 - 2014-07-28 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-13 21:15 - 2014-07-28 17:32 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-13 18:08 - 2009-07-14 05:45 - 00269272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 18:07 - 2014-05-06 18:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 22:59 - 2014-02-09 10:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 22:58 - 2014-02-09 10:07 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 17:02 - 2014-11-08 19:08 - 00000000 ____D () C:\Users\Leader\AppData\Local\www.rene-zeidler.de
Some content of TEMP:
====================
C:\Users\Leader\AppData\Local\Temp\avgnt.exe
C:\Users\Leader\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Leader\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Leader\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Leader\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Leader\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Leader\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Leader\AppData\Local\Temp\nvStInst.exe
C:\Users\Leader\AppData\Local\Temp\Offercast_AVIRAV7_.exe
C:\Users\Leader\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Leader\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Leader\AppData\Local\Temp\tmd_34014049.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-05 15:17
==================== End Of Log ============================
--- --- --- Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-12-2014
Ran by Leader at 2014-12-10 15:28:52
Running from D:\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2718538848-1131795353-200091746-1002\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
America's Army: Proving Grounds Beta (HKLM-x32\...\Steam App 203290) (Version: - )
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-4300-A758B70C1002}) (Version: 12.16.2.2041 - APN, LLC)
Borland Database Engine 5.2 (HKLM-x32\...\Borland Database Engine 5.2) (Version: - proNOVA IT)
Borland Database Engine 5.2 (x32 Version: 5.2 - Borland Inc.) Hidden
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version: - Valve)
Farming Simulator 15 (HKLM-x32\...\Steam App 313160) (Version: - Giants Software)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free YouTube to MP3 Converter version 3.12.46.923 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.46.923 - DVDVideoSoft Ltd.)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.17.0 - Futuremark Corporation)
GIANTS Editor 5.5.1 64-bit (HKLM-x32\...\giants_editor_5.5.1_win64_is1) (Version: 5.5.1 - GIANTS Software GmbH)
GIANTS Editor 6.0.2 64-bit (HKLM-x32\...\giants_editor_6.0.2_win64_is1) (Version: 6.0.2 - GIANTS Software GmbH)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Landwirtschafts Simulator 2013 (HKLM-x32\...\FarmingSimulator2013DE_is1) (Version: 1.0 - GIANTS Software)
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
MICRODEM Freeware GIS (HKLM-x32\...\{5E08B15D-7C97-4FC9-8500-BD7EDA18C66A}) (Version: 12.20.2013 - Petmar Triilobite Breeding Ranch)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2718538848-1131795353-200091746-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA 3D Vision Controller-Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-2718538848-1131795353-200091746-1002\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
XnView 2.13 (HKLM-x32\...\XnView_is1) (Version: 2.13 - Gougelet Pierre-e)
Yahoo Community Smartbar (HKLM-x32\...\{4E732E5D-E577-451A-9BB1-CBE64A2CBC2F}) (Version: 11.112.66.19229 - Linkury Inc.) <==== ATTENTION
Yahoo Community Smartbar Engine (HKU\S-1-5-21-2718538848-1131795353-200091746-1002\...\{cbb34324-b3f4-48fb-8655-0216c62bf3ae}) (Version: 11.112.66.19229 - Linkury Inc.) <==== ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2718538848-1131795353-200091746-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Leader\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2718538848-1131795353-200091746-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Leader\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2718538848-1131795353-200091746-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Leader\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2718538848-1131795353-200091746-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Leader\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
27-11-2014 19:06:52 Geplanter Prüfpunkt
05-12-2014 14:24:10 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {75E92777-EC9C-44B3-912D-F93E6CC94A4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-03] (Google Inc.)
Task: {D3938B76-F886-4A37-BE6F-42A977B0A88A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {F3FBEF96-6606-4F1C-8121-AFEC51CAABB9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-01-30 13:11 - 2014-09-13 22:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-27 15:24 - 2014-08-27 15:24 - 00034304 _____ () C:\Program Files (x86)\LPT\srpts.exe
2014-06-25 22:26 - 2014-06-25 22:34 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-08-27 15:24 - 2014-08-27 15:29 - 00036352 _____ () C:\Program Files (x86)\LPT\srptsl.exe
2013-11-18 16:39 - 2013-07-31 03:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-14 16:07 - 2014-07-22 21:46 - 03356480 _____ () C:\Users\Leader\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-08-27 15:28 - 2014-08-27 15:28 - 00025088 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\Lrcnta.exe
2014-08-27 15:24 - 2014-08-27 15:29 - 00044032 _____ () C:\Program Files (x86)\LPT\srptc.dll
2014-08-27 15:23 - 2014-08-27 15:28 - 00018944 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll
2014-08-27 15:24 - 2014-08-27 15:29 - 00071680 _____ () C:\Program Files (x86)\LPT\srut.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00052224 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00087552 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\srau.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00167424 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 02426880 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00068608 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\spbl.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00160256 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-08-27 15:28 - 2014-08-27 15:28 - 00015872 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\siem.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00069120 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\sppsm.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00698368 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00016384 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00080384 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00028672 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00071680 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\srut.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00031232 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\srsbs.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00067072 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00152064 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\smti.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00075264 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\smsp.dll
2014-08-27 15:28 - 2014-08-27 15:28 - 00011776 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\sidc.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00032256 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\smtu.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00040448 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\smta.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00032768 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\srom.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00049152 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\srbu.dll
2014-08-27 15:28 - 2014-08-27 15:28 - 00025600 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\sgml.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00063488 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00026624 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\srpdm.dll
2014-08-27 15:28 - 2014-08-27 15:28 - 00045056 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2014-08-27 15:24 - 2014-08-27 15:24 - 00026624 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00036864 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00257024 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\srns.dll
2014-12-09 19:15 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-10 14:54 - 2014-12-10 14:54 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
2014-08-27 15:28 - 2014-08-27 15:28 - 00034816 _____ () C:\Users\Leader\AppData\Local\Smartbar\Application\lrcnt.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2718538848-1131795353-200091746-500 - Administrator - Disabled)
Gast (S-1-5-21-2718538848-1131795353-200091746-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2718538848-1131795353-200091746-1003 - Limited - Enabled)
Leader (S-1-5-21-2718538848-1131795353-200091746-1002 - Administrator - Enabled) => C:\Users\Leader
==================== Faulty Device Manager Devices =============
Name: Intel(R) Centrino(R) Wireless-N 2230
Description: Intel(R) Centrino(R) Wireless-N 2230
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/10/2014 02:19:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/09/2014 05:20:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/08/2014 05:14:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/07/2014 03:50:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 33.1.0.5423 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1b84
Startzeit: 01d01228f9159e6f
Endzeit: 66
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: 50fa124c-7e20-11e4-9a4d-6817293931ee
Error: (12/07/2014 03:50:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.1.0.5423, Zeitstempel: 0x545c0a59
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.1.0.5423, Zeitstempel: 0x545be5ee
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xef4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (12/07/2014 02:39:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm csgo.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1694
Startzeit: 01d01221a6a6dd7e
Endzeit: 201
Anwendungspfad: D:\Games\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
Berichts-ID:
Error: (12/07/2014 11:53:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/06/2014 04:13:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/05/2014 01:32:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/04/2014 11:09:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (12/09/2014 07:02:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (12/08/2014 06:32:49 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (12/07/2014 08:02:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (12/07/2014 04:37:57 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (12/07/2014 00:36:56 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (12/06/2014 09:44:57 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (12/05/2014 05:43:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (12/04/2014 02:43:56 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (12/04/2014 00:03:46 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (12/02/2014 08:29:12 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.
Microsoft Office Sessions:
=========================
Error: (12/10/2014 02:19:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/09/2014 05:20:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/08/2014 05:14:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/07/2014 03:50:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe33.1.0.54231b8401d01228f9159e6f66C:\Program Files (x86)\Mozilla Firefox\firefox.exe50fa124c-7e20-11e4-9a4d-6817293931ee
Error: (12/07/2014 03:50:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee8000000300001425ef401d0122cca4fca23C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll6c9f80a1-7e20-11e4-9a4d-6817293931ee
Error: (12/07/2014 02:39:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: csgo.exe0.0.0.0169401d01221a6a6dd7e201D:\Games\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
Error: (12/07/2014 11:53:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/06/2014 04:13:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/05/2014 01:32:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/04/2014 11:09:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 15%
Total physical RAM: 16269.2 MB
Available physical RAM: 13683.32 MB
Total Pagefile: 32536.59 MB
Available Pagefile: 29464.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.79 GB) (Free:37.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:931.51 GB) (Free:765.18 GB) NTFS
Drive e: (LS2013) (CDROM) (Total:1.36 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:29.7 GB) (Free:23.36 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: EDA51CEF)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EDA51CE7)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (Size: 29.7 GB) (Disk ID: 6F20736B)
No partition Table on disk 3.
Disk 3 is a removable device.
==================== End Of Log ============================
|
FRST 32-Bit | FRST 64-Bit
Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Malwarebytes Anti-Malware 
AdwCleaner auf deinen Desktop.
dann auf 
und dann auf 
. 
WARNUNG an die MITLESER: 