Trojaner-Board
Seite 1 von 5 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Nach download von avc-577free.exe werde ich mit Pop-ups überschüttet (https://www.trojaner-board.de/163786-download-avc-577free-exe-pop-ups-ueberschuettet.html)

Corsipo 09.02.2015 18:22
Nach download von avc-577free.exe werde ich mit Pop-ups überschüttet
 
Hallo Forum,

ich habe heute ein Konvertierungsprogramm für Videos benötigt. Danach bei google gesucht und bin zu chip gekommen. Dort gab es das Programm avc-577free.exe als freeware.

Ich habe es mir runter geladen und konnte auch meine Videos, wie gewünscht, konvertieren.

Allerdings habe ich jetzt, egal was ich mache reichlich Pop Up-Fenster, die nur nerven.
Wenn ich auf manche Links klicke,öffnet sich irgendein Fenster, aber nicht das gewollte.

Ich habe Win. 8.1 64bit und nutze als Browser Firefox 35.0.1

Was soll ich tun, um wieder sauber arbeiten zu können?

Danke vorab für eure Hilfe,

corsipo

Aneri 09.02.2015 18:22
:hallo:

Mein Name ist Heiko, ich werde dir bei deinem Problem helfen.
Die Bereinigung deines Systems ist individuell auf dich zugeschnitten und mitunter mit viel Arbeit für uns beide verbunden.

Bitte Lesen:
Regeln für die Bereinigung

Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schließn von Sicherheitslücken und sollte gründlich durchgeführt werden.
Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich. Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist.

Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du mit der Abarbeitung der Schritte beginnst.
  • :pfui: Beim ersten Anzeichen illegal genutzter Software (Cracks, Patches und Co) wird der Support unterbrochen . Bis die illegale Software deinstalliert ist.
  • Falls es sich bei dem Rechner um einen Firmenrechner handelt teile es mir bitte mit.

  • Bitte arbeite alle Schritte der Reihe nach ab. Gib mir bitte zu jedem Schritt die angeforderte Rückmeldung (Logfile oder Antwort)
    und zwar gesammelt, wenn du alles erledigt hast, in einer Antwort.
  • Bitte führe nur Scanns durch zu denen Du aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu von mir oder einem anderen Teammitglied aufgefordert.
  • Poste die Logfiles direkt in deinen Thread (möglichst in Code-Tags - #-Symbol im Editor anklicken). Nicht anhängen oder zippen, außer ich fordere Dich dazu auf, oder das Logfile wäre zu gross. Erschwert mir nämlich das Auswerten.
  • Mache deinen Namen nur dann unkenntlich, wenn es unbedingt sein muss (erleichtert uns die Arbeit).
  • Sollte ich nicht nach 3 Tagen geantwortet haben, dann (und nur dann) schicke mir bitte eine PM.
  • Ich werde dir ganz deutlich mitteilen, dass du "sauber" bist. Bis dahin arbeite bitte gut mit.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.


Dann fangen wir mal mit Schritt 1 an:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Corsipo 09.02.2015 18:44
scan und additional
 
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by WoJa (ATTENTION: The logged in user is not administrator) on WOJA-WIN-8_PC on 09-02-2015 18:38:09
Running from C:\Users\WoJa\Downloads
Loaded Profiles: WoJa & K L S K (Available profiles: Wolfgang & WoJa & K L S K)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> AsLdrSrv.exe
Failed to access process -> GFNEXSrv.exe
Failed to access process -> spoolsv.exe
Failed to access process -> sched.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> avguard.exe
Failed to access process -> AdminService.exe
Failed to access process -> CaptureLibService.exe
Failed to access process -> dasHost.exe
Failed to access process -> HeciServer.exe
Failed to access process -> irstrtsv.exe
Failed to access process -> Jhi_service.exe
Failed to access process -> svchost.exe
Failed to access process -> tvnserver.exe
Failed to access process -> Ath_CoexAgent.exe
Failed to access process -> Avira.OE.ServiceHost.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> unsecapp.exe
Failed to access process -> avshadow.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> ICCProxy.exe
Failed to access process -> dllhost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> IAStorDataMgrSvc.exe
Failed to access process -> RIconMan.exe
Failed to access process -> IntelMeFWService.exe
Failed to access process -> LMS.exe
Failed to access process -> UNS.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> OSPPSVC.EXE
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> dwm.exe
Failed to access process -> PHotkey.exe
Failed to access process -> MsgTranAgt.exe
Failed to access process -> MsgTranAgt64.exe
Failed to access process -> Atouch64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
Failed to access process -> PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
Failed to access process -> MyWiMax.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
Failed to access process -> POsd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
Failed to access process -> GPMTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
( ) C:\Windows\SysWOW64\lxebcoms.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\WoJa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
() C:\Program Files\WindowsApps\C27EB4BA.Dropbox_3.0.4.0_x86__xbfy0k16fey96\Dropbox.WindowsApp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
Failed to access process -> updater.exe
Failed to access process -> plugincontainer.exe
Failed to access process -> Plugin.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM\...\Run: [lxebmon.exe] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe [772712 2013-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe [150264 2013-01-23] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [ATLauncher] => C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe [488120 2012-08-08] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-10-22] (CyberLink Corp.)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2006-11-29] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SHIWebOnDiskManager] => C:\Program Files (x86)\SHIWebOnDiskManager\SHIWebOnDiskManager.exe [245760 2013-09-03] (SHI Elektronische Medien GmbH)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => "E:\KeePass Password Safe 2\KeePass.exe" --preload
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\...\Run: [GoogleChromeAutoLaunch_A8E54B6D2916471B1ADD0C74BB18AB2B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Run: [FixMyRegistry] => C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe [1886840 2014-05-26] ()
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-08-22] (TomTom)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Run: [Avanquest message] => C:\Program Files (x86)\Avanquest\Avanquest message\AQNotif.exe [361272 2015-01-23] (Avanquest Software)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
Startup: C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar517.lnk
ShortcutTarget: Sidebar517.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
Startup: C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53928;https=127.0.0.1:53928
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
URLSearchHook: [S-1-5-21-3381209366-1052480604-4067403755-1008] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {EBCCD0A8-AB24-4C44-930F-1E4AC4FEE46E} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM -> {EBCCD0A8-AB24-4C44-930F-1E4AC4FEE46E} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-3381209366-1052480604-4067403755-1005 -> {5A0DEF8F-41B3-443D-A2C0-BD3EF82F751D} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Positive Finds -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> C:\Program Files (x86)\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default
FF NewTab: www.google.de
FF SearchEngineOrder.1: SuchMaschine
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\searchplugins\search_engine.xml
FF Extension: German Dictionary - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-08]
FF Extension: Move Media Player - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\moveplayer@movenetworks.com [2014-03-21]
FF Extension: No Name - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\nostmp [2014-03-21]
FF Extension: Cooliris - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\piclens@cooliris.com [2014-03-21]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2014-03-21]
FF Extension: Flagfox - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-21]
FF Extension: Positive Finds - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\{7084813e-70d5-4251-9d2b-03bda4f44792}.xpi [2015-02-09]
FF Extension: Adblock Plus - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-21]
FF Extension: Tab Mix Plus - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-10-16]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSearchKeyword: Default -> google.com_
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR DefaultSuggestURL: Default -> hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR Profile: C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-24]
CHR Extension: (Google Drive) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-24]
CHR Extension: (GCVote) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\boingbkmoapffongfpcancmephhnmehp [2014-06-24]
CHR Extension: (Google-Suche) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-24]
CHR Extension: (Avira Browserschutz) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-06-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-24]
CHR Extension: (Google Mail) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-24]
CHR HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-11-18] (Ellora Assets Corp.) [File not signed]
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2013-05-08] (Realsil Microelectronics Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-09-18] (Intel Corporation)
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [668984 2013-04-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-18] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
S2 lxebCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S3 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [219832 2012-06-17] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 Service Mgr PositiveFinds; C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe [577272 2015-02-09] ()
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R2 Update Mgr PositiveFinds; C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe [384760 2015-02-09] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2013-04-24] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 Pcan_usb; C:\Windows\System32\drivers\PCAN_USB.SYS [100864 2012-01-24] (PEAK-System Technik GmbH, Darmstadt, Germany)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 18:38 - 2015-02-09 18:38 - 00027605 _____ () C:\Users\WoJa\Downloads\FRST.txt
2015-02-09 18:38 - 2015-02-09 18:38 - 00000000 ____D () C:\FRST
2015-02-09 18:36 - 2015-02-09 18:37 - 02132992 _____ (Farbar) C:\Users\WoJa\Downloads\FRST64.exe
2015-02-09 12:24 - 2015-02-09 12:53 - 00000000 ____D () C:\Users\WoJa\Desktop\Video
2015-02-09 12:22 - 2015-02-09 12:22 - 00000000 ____D () C:\Users\WoJa\Documents\Any Video Converter
2015-02-09 12:22 - 2015-02-09 12:22 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\Anvsoft
2015-02-09 12:21 - 2015-02-09 18:22 - 00000000 ____D () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-02-09 12:21 - 2015-02-09 12:21 - 00000000 ____D () C:\Users\K L S K\AppData\Roaming\OpenCandy
2015-02-09 12:21 - 2015-02-09 12:21 - 00000000 ____D () C:\Program Files (x86)\Positive Finds
2015-02-09 12:20 - 2015-02-09 12:21 - 33703656 _____ (Any-Video-Converter.com ) C:\Users\WoJa\Downloads\avc-577free.exe
2015-02-09 12:14 - 2015-02-09 12:15 - 00000000 ____D () C:\Users\WoJa\Desktop\Polizeihubschrauber_mit_Norbert_2014
2015-02-08 12:12 - 2015-02-08 12:12 - 00055311 _____ () C:\Users\WoJa\Desktop\default.html
2015-02-08 08:48 - 2015-02-08 08:48 - 00000000 ____D () C:\Users\WoJa\AppData\Local\IsolatedStorage
2015-02-08 08:31 - 2015-02-08 09:52 - 00000000 ____D () C:\Users\WoJa\Desktop\Bearbeitung
2015-02-07 15:29 - 2015-02-09 11:25 - 00004552 _____ () C:\WINDOWS\setupact.log
2015-02-07 15:29 - 2015-02-07 15:29 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-07 13:09 - 2015-02-07 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2015-02-07 13:09 - 2015-02-07 13:09 - 00000000 ____D () C:\Program Files (x86)\UseNeXT
2015-02-07 13:04 - 2015-02-07 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-07 13:04 - 2015-02-07 13:04 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-07 12:55 - 2015-02-07 12:55 - 05270008 _____ (Tangysoft Ltd. ) C:\Users\WoJa\Downloads\UseNeXTSetup_5.64(1).exe
2015-02-07 12:35 - 2015-02-07 12:35 - 00000000 __SHD () C:\Users\WoJa\AppData\Local\EmieBrowserModeList
2015-02-06 19:52 - 2015-02-06 19:52 - 00000000 ____D () C:\Program Files (x86)\Avanquest update
2015-02-03 17:48 - 2015-02-04 12:09 - 00000581 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-02-03 17:44 - 2015-02-03 17:44 - 02536151 _____ (Dominik Reichl ) C:\Users\WoJa\Downloads\KeePass-2.28-Setup.exe
2015-01-28 16:37 - 2015-01-28 16:37 - 05270008 _____ (Tangysoft Ltd. ) C:\Users\WoJa\Downloads\UseNeXTSetup_5.64.exe
2015-01-28 09:04 - 2015-01-28 09:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 08:51 - 2015-01-28 08:51 - 03980064 _____ (TeamViewer) C:\Users\WoJa\Downloads\teamviewer.exe
2015-01-27 10:52 - 2015-01-27 11:03 - 00104145 _____ () C:\Users\WoJa\Desktop\Wiegeprotokoll_3_3_7.xlsx
2015-01-26 20:49 - 2015-01-26 20:49 - 00000000 ___SD () C:\Users\WoJa\Documents\Meine Datenquellen
2015-01-25 17:38 - 2015-02-08 08:48 - 00000000 ____D () C:\Users\WoJa\AppData\Local\Photo Explosion
2015-01-25 17:38 - 2015-01-25 17:38 - 00000125 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-25 16:56 - 2015-01-25 16:56 - 01525048 _____ (Avanquest Software) C:\Users\WoJa\Downloads\InPixioPhotoFocus3.0_DM.exe
2015-01-25 16:36 - 2015-01-25 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avanquest
2015-01-25 16:32 - 2015-01-25 16:35 - 86216328 _____ (Avanquest Software) C:\Users\WoJa\Downloads\Ausschneiden_2.0.3.exe
2015-01-25 16:28 - 2015-02-06 19:54 - 00000000 ____D () C:\Users\K L S K\AppData\Local\Avanquest
2015-01-25 16:26 - 2015-01-25 16:28 - 00000000 ____D () C:\Users\K L S K\AppData\Local\NGPR
2015-01-25 16:26 - 2015-01-25 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InPixio Photo Maximizer
2015-01-25 16:26 - 2015-01-25 16:26 - 00000000 ____D () C:\Program Files (x86)\InPixio Photo Maximizer
2015-01-25 16:15 - 2015-02-07 11:56 - 00000000 ____D () C:\Users\WoJa\AppData\Local\NGPR
2015-01-25 16:15 - 2015-01-25 17:39 - 00000000 ____D () C:\Users\WoJa\AppData\Local\Avanquest
2015-01-25 16:14 - 2015-02-06 19:52 - 00000000 ____D () C:\ProgramData\Avanquest
2015-01-25 16:14 - 2015-01-25 16:58 - 00000000 ____D () C:\Users\Public\Documents\Avanquest Software
2015-01-25 16:14 - 2015-01-25 16:58 - 00000000 ____D () C:\ProgramData\Configuration
2015-01-25 16:14 - 2015-01-25 16:14 - 00000000 ____D () C:\ProgramData\Avanquest Software
2015-01-25 16:10 - 2015-01-25 17:12 - 00000000 ___RD () C:\Users\WoJa\Desktop\Fotobearbeitung
2015-01-25 16:08 - 2015-01-25 16:10 - 42955192 _____ (Avanquest Software) C:\Users\WoJa\Downloads\InPixio_Photo_Maximizer_MLT.exe
2015-01-25 15:35 - 2015-01-25 16:58 - 00000000 ____D () C:\Program Files (x86)\Avanquest
2015-01-25 15:35 - 2015-01-25 15:35 - 01841528 _____ (Avanquest Software) C:\Users\WoJa\Downloads\Foto-Software_Ausschneiden_DE_FT.exe
2015-01-25 14:54 - 2015-01-25 14:54 - 00000000 ____D () C:\ProgramData\PDFEditor
2015-01-25 14:54 - 2015-01-25 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-01-25 14:54 - 2014-12-16 21:10 - 00096328 _____ (Wondershare Software) C:\WINDOWS\system32\WSMonEditor.dll
2015-01-23 14:34 - 2015-01-23 14:34 - 00020992 _____ () C:\Users\WoJa\Desktop\7,49.ufo
2015-01-17 09:24 - 2015-01-17 09:27 - 00000000 ____D () C:\Users\WoJa\Desktop\Weiterb._GWS_01_2015
2015-01-16 08:25 - 2015-01-16 10:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-16 06:45 - 2015-02-09 13:23 - 00000000 ___RD () C:\Users\WoJa\Dropbox
2015-01-16 06:45 - 2015-01-16 06:45 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-16 06:44 - 2015-02-09 07:45 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\Dropbox
2015-01-16 06:44 - 2015-01-16 06:45 - 00000000 ____D () C:\Users\K L S K\AppData\Roaming\Dropbox
2015-01-16 06:43 - 2015-01-16 06:43 - 00324136 _____ (Dropbox, Inc.) C:\Users\WoJa\Downloads\DropboxInstaller.exe
2015-01-15 19:35 - 2015-01-15 19:35 - 00201803 _____ () C:\Users\WoJa\Downloads\Dropbox.zip
2015-01-15 19:31 - 2015-01-16 06:45 - 00000000 ____D () C:\Users\WoJa\Desktop\Gollmer
2015-01-14 11:06 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 11:06 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 11:06 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 11:06 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 11:06 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 11:06 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 11:06 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 11:06 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 11:06 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 11:06 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 11:06 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 11:06 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 11:06 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 11:06 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 11:06 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 11:06 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 11:06 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 11:06 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 11:06 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 11:06 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 11:06 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 11:06 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 11:06 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 11:06 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 17:15 - 2015-01-30 19:47 - 00000000 ____D () C:\Users\WoJa\Desktop\Schulter-OP

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 18:21 - 2014-07-17 13:57 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-09 18:21 - 2014-03-24 06:44 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-09 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-09 17:49 - 2014-03-21 13:39 - 01071209 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-09 13:21 - 2013-11-14 08:26 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-09 13:21 - 2013-11-14 08:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-09 13:21 - 2013-11-14 08:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-09 12:22 - 2013-05-13 13:44 - 00000870 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-02-09 12:21 - 2014-06-15 20:07 - 00000000 ____D () C:\Users\K L S K\AppData\Roaming\AnvSoft
2015-02-09 11:21 - 2014-03-24 06:44 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 11:07 - 2014-04-20 16:56 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\UseNeXT
2015-02-09 10:45 - 2014-05-15 15:47 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\vlc
2015-02-09 07:46 - 2014-03-21 14:23 - 00000000 ____D () C:\Users\WoJa\Documents\Youcam
2015-02-09 07:45 - 2014-03-31 16:06 - 00000000 ____D () C:\Users\WoJa\AppData\Local\FreePDF_XP
2015-02-09 07:45 - 2014-03-24 06:46 - 00000000 ___RD () C:\Users\WoJa\Google Drive
2015-02-09 07:45 - 2014-03-21 14:22 - 00000000 __RDO () C:\Users\WoJa\SkyDrive
2015-02-09 07:45 - 2014-03-21 14:19 - 00697525 _____ () C:\ProgramData\lxeb.log
2015-02-09 07:45 - 2014-03-21 11:05 - 00097532 _____ () C:\ProgramData\lxebscan.log
2015-02-09 07:45 - 2013-05-13 13:44 - 00000868 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-02-08 13:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-08 09:14 - 2014-03-22 16:21 - 02073600 ___SH () C:\Users\WoJa\Desktop\Thumbs.db
2015-02-07 13:50 - 2014-03-29 13:47 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\AIMP3
2015-02-07 13:04 - 2014-03-21 20:46 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-07 13:04 - 2014-03-21 13:33 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-07 12:31 - 2014-11-06 20:27 - 00000000 ____D () C:\Users\WoJa\Desktop\Spenner
2015-02-07 12:29 - 2014-04-29 12:40 - 00000000 ____D () C:\Users\WoJa\Documents\Outlook-Dateien
2015-02-07 11:52 - 2014-03-21 14:22 - 00000000 ____D () C:\Users\WoJa\AppData\Local\VirtualStore
2015-02-07 10:56 - 2014-11-27 06:16 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-02-07 10:56 - 2014-11-27 06:15 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-02-07 10:56 - 2014-11-27 06:15 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-02-07 10:56 - 2014-11-27 06:15 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-02-07 10:56 - 2014-11-27 06:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-07 10:56 - 2014-11-27 06:15 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-07 10:56 - 2014-09-27 07:20 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-07 10:54 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-02-06 19:52 - 2013-05-13 13:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-06 19:16 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-04 12:11 - 2014-03-27 21:50 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\KeePass
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 17:15 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-31 11:39 - 2014-03-21 11:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-30 18:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-29 17:58 - 2014-05-16 20:33 - 00000000 ___RD () C:\Users\WoJa\Desktop\Schulungen
2015-01-28 14:17 - 2014-03-24 06:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-28 08:51 - 2014-09-22 19:10 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\TeamViewer
2015-01-27 15:36 - 2013-08-22 15:44 - 00511368 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-25 16:58 - 2014-03-27 20:28 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-23 11:24 - 2014-12-16 19:44 - 00000000 ____D () C:\Users\WoJa\Desktop\Steuern
2015-01-19 13:08 - 2013-12-13 10:38 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-19 13:05 - 2013-04-11 08:30 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-16 11:38 - 2014-03-21 11:06 - 00000000 ____D () C:\ProgramData\Lx_cats
2015-01-16 06:45 - 2014-03-21 13:37 - 00000000 ____D () C:\Users\WoJa

==================== Files in the root of some directories =======

2014-05-16 20:44 - 2014-12-10 07:53 - 0005120 _____ () C:\Users\WoJa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-13 19:51 - 2014-06-13 19:51 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-03-21 11:09 - 2014-03-21 11:09 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-03-21 14:19 - 2015-02-09 07:45 - 0697525 _____ () C:\ProgramData\lxeb.log
2014-04-19 19:01 - 2014-07-02 10:19 - 0000309 _____ () C:\ProgramData\lxebDiagnostics.log
2014-03-21 11:08 - 2014-06-12 11:20 - 0097172 _____ () C:\ProgramData\lxebJSW.log
2014-03-21 11:05 - 2015-02-09 07:45 - 0097532 _____ () C:\ProgramData\lxebscan.log
2015-01-25 17:38 - 2015-01-25 17:38 - 0000125 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-03-21 11:04 - 2014-03-21 11:04 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
2013-12-13 09:24 - 2013-12-13 09:25 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-12-13 09:22 - 2013-12-13 09:23 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-12-13 09:23 - 2013-12-13 09:24 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some content of TEMP:
====================
C:\Users\K L S K\AppData\Local\Temp\avgnt.exe
C:\Users\WoJa\AppData\Local\Temp\avgnt.exe
C:\Users\WoJa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpblsutq.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
--- --- ---

--- --- ---



Code:
Additional sc
FRST Logfile:

FRST Logfile:

       
Code:

       
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by WoJa (ATTENTION: The logged in user is not administrator) on WOJA-WIN-8_PC on 09-02-2015 18:38:09
Running from C:\Users\WoJa\Downloads
Loaded Profiles: WoJa & K L S K (Available profiles: Wolfgang & WoJa & K L S K)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> AsLdrSrv.exe
Failed to access process -> GFNEXSrv.exe
Failed to access process -> spoolsv.exe
Failed to access process -> sched.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> avguard.exe
Failed to access process -> AdminService.exe
Failed to access process -> CaptureLibService.exe
Failed to access process -> dasHost.exe
Failed to access process -> HeciServer.exe
Failed to access process -> irstrtsv.exe
Failed to access process -> Jhi_service.exe
Failed to access process -> svchost.exe
Failed to access process -> tvnserver.exe
Failed to access process -> Ath_CoexAgent.exe
Failed to access process -> Avira.OE.ServiceHost.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> unsecapp.exe
Failed to access process -> avshadow.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> ICCProxy.exe
Failed to access process -> dllhost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> IAStorDataMgrSvc.exe
Failed to access process -> RIconMan.exe
Failed to access process -> IntelMeFWService.exe
Failed to access process -> LMS.exe
Failed to access process -> UNS.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> OSPPSVC.EXE
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> dwm.exe
Failed to access process -> PHotkey.exe
Failed to access process -> MsgTranAgt.exe
Failed to access process -> MsgTranAgt64.exe
Failed to access process -> Atouch64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
Failed to access process -> PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
Failed to access process -> MyWiMax.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
Failed to access process -> POsd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
Failed to access process -> GPMTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
( ) C:\Windows\SysWOW64\lxebcoms.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\WoJa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
() C:\Program Files\WindowsApps\C27EB4BA.Dropbox_3.0.4.0_x86__xbfy0k16fey96\Dropbox.WindowsApp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
Failed to access process -> updater.exe
Failed to access process -> plugincontainer.exe
Failed to access process -> Plugin.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM\...\Run: [lxebmon.exe] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe [772712 2013-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe [150264 2013-01-23] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [ATLauncher] => C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe [488120 2012-08-08] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-10-22] (CyberLink Corp.)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2006-11-29] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SHIWebOnDiskManager] => C:\Program Files (x86)\SHIWebOnDiskManager\SHIWebOnDiskManager.exe [245760 2013-09-03] (SHI Elektronische Medien GmbH)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => "E:\KeePass Password Safe 2\KeePass.exe" --preload
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\...\Run: [GoogleChromeAutoLaunch_A8E54B6D2916471B1ADD0C74BB18AB2B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Run: [FixMyRegistry] => C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe [1886840 2014-05-26] ()
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-08-22] (TomTom)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Run: [Avanquest message] => C:\Program Files (x86)\Avanquest\Avanquest message\AQNotif.exe [361272 2015-01-23] (Avanquest Software)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
Startup: C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar517.lnk
ShortcutTarget: Sidebar517.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
Startup: C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53928;https=127.0.0.1:53928
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
URLSearchHook: [S-1-5-21-3381209366-1052480604-4067403755-1008] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {EBCCD0A8-AB24-4C44-930F-1E4AC4FEE46E} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM -> {EBCCD0A8-AB24-4C44-930F-1E4AC4FEE46E} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-3381209366-1052480604-4067403755-1005 -> {5A0DEF8F-41B3-443D-A2C0-BD3EF82F751D} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Positive Finds -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> C:\Program Files (x86)\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default
FF NewTab: www.google.de
FF SearchEngineOrder.1: SuchMaschine
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\searchplugins\search_engine.xml
FF Extension: German Dictionary - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-08]
FF Extension: Move Media Player - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\moveplayer@movenetworks.com [2014-03-21]
FF Extension: No Name - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\nostmp [2014-03-21]
FF Extension: Cooliris - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\piclens@cooliris.com [2014-03-21]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2014-03-21]
FF Extension: Flagfox - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-21]
FF Extension: Positive Finds - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\{7084813e-70d5-4251-9d2b-03bda4f44792}.xpi [2015-02-09]
FF Extension: Adblock Plus - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-21]
FF Extension: Tab Mix Plus - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-10-16]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSearchKeyword: Default -> google.com_
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR DefaultSuggestURL: Default -> hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR Profile: C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-24]
CHR Extension: (Google Drive) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-24]
CHR Extension: (GCVote) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\boingbkmoapffongfpcancmephhnmehp [2014-06-24]
CHR Extension: (Google-Suche) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-24]
CHR Extension: (Avira Browserschutz) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-06-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-24]
CHR Extension: (Google Mail) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-24]
CHR HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-11-18] (Ellora Assets Corp.) [File not signed]
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2013-05-08] (Realsil Microelectronics Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-09-18] (Intel Corporation)
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [668984 2013-04-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-18] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
S2 lxebCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S3 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [219832 2012-06-17] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 Service Mgr PositiveFinds; C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe [577272 2015-02-09] ()
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R2 Update Mgr PositiveFinds; C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe [384760 2015-02-09] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2013-04-24] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 Pcan_usb; C:\Windows\System32\drivers\PCAN_USB.SYS [100864 2012-01-24] (PEAK-System Technik GmbH, Darmstadt, Germany)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 18:38 - 2015-02-09 18:38 - 00027605 _____ () C:\Users\WoJa\Downloads\FRST.txt
2015-02-09 18:38 - 2015-02-09 18:38 - 00000000 ____D () C:\FRST
2015-02-09 18:36 - 2015-02-09 18:37 - 02132992 _____ (Farbar) C:\Users\WoJa\Downloads\FRST64.exe
2015-02-09 12:24 - 2015-02-09 12:53 - 00000000 ____D () C:\Users\WoJa\Desktop\Video
2015-02-09 12:22 - 2015-02-09 12:22 - 00000000 ____D () C:\Users\WoJa\Documents\Any Video Converter
2015-02-09 12:22 - 2015-02-09 12:22 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\Anvsoft
2015-02-09 12:21 - 2015-02-09 18:22 - 00000000 ____D () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-02-09 12:21 - 2015-02-09 12:21 - 00000000 ____D () C:\Users\K L S K\AppData\Roaming\OpenCandy
2015-02-09 12:21 - 2015-02-09 12:21 - 00000000 ____D () C:\Program Files (x86)\Positive Finds
2015-02-09 12:20 - 2015-02-09 12:21 - 33703656 _____ (Any-Video-Converter.com ) C:\Users\WoJa\Downloads\avc-577free.exe
2015-02-09 12:14 - 2015-02-09 12:15 - 00000000 ____D () C:\Users\WoJa\Desktop\Polizeihubschrauber_mit_Norbert_2014
2015-02-08 12:12 - 2015-02-08 12:12 - 00055311 _____ () C:\Users\WoJa\Desktop\default.html
2015-02-08 08:48 - 2015-02-08 08:48 - 00000000 ____D () C:\Users\WoJa\AppData\Local\IsolatedStorage
2015-02-08 08:31 - 2015-02-08 09:52 - 00000000 ____D () C:\Users\WoJa\Desktop\Bearbeitung
2015-02-07 15:29 - 2015-02-09 11:25 - 00004552 _____ () C:\WINDOWS\setupact.log
2015-02-07 15:29 - 2015-02-07 15:29 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-07 13:09 - 2015-02-07 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2015-02-07 13:09 - 2015-02-07 13:09 - 00000000 ____D () C:\Program Files (x86)\UseNeXT
2015-02-07 13:04 - 2015-02-07 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-07 13:04 - 2015-02-07 13:04 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-07 12:55 - 2015-02-07 12:55 - 05270008 _____ (Tangysoft Ltd. ) C:\Users\WoJa\Downloads\UseNeXTSetup_5.64(1).exe
2015-02-07 12:35 - 2015-02-07 12:35 - 00000000 __SHD () C:\Users\WoJa\AppData\Local\EmieBrowserModeList
2015-02-06 19:52 - 2015-02-06 19:52 - 00000000 ____D () C:\Program Files (x86)\Avanquest update
2015-02-03 17:48 - 2015-02-04 12:09 - 00000581 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-02-03 17:44 - 2015-02-03 17:44 - 02536151 _____ (Dominik Reichl ) C:\Users\WoJa\Downloads\KeePass-2.28-Setup.exe
2015-01-28 16:37 - 2015-01-28 16:37 - 05270008 _____ (Tangysoft Ltd. ) C:\Users\WoJa\Downloads\UseNeXTSetup_5.64.exe
2015-01-28 09:04 - 2015-01-28 09:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 08:51 - 2015-01-28 08:51 - 03980064 _____ (TeamViewer) C:\Users\WoJa\Downloads\teamviewer.exe
2015-01-27 10:52 - 2015-01-27 11:03 - 00104145 _____ () C:\Users\WoJa\Desktop\Wiegeprotokoll_3_3_7.xlsx
2015-01-26 20:49 - 2015-01-26 20:49 - 00000000 ___SD () C:\Users\WoJa\Documents\Meine Datenquellen
2015-01-25 17:38 - 2015-02-08 08:48 - 00000000 ____D () C:\Users\WoJa\AppData\Local\Photo Explosion
2015-01-25 17:38 - 2015-01-25 17:38 - 00000125 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-25 16:56 - 2015-01-25 16:56 - 01525048 _____ (Avanquest Software) C:\Users\WoJa\Downloads\InPixioPhotoFocus3.0_DM.exe
2015-01-25 16:36 - 2015-01-25 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avanquest
2015-01-25 16:32 - 2015-01-25 16:35 - 86216328 _____ (Avanquest Software) C:\Users\WoJa\Downloads\Ausschneiden_2.0.3.exe
2015-01-25 16:28 - 2015-02-06 19:54 - 00000000 ____D () C:\Users\K L S K\AppData\Local\Avanquest
2015-01-25 16:26 - 2015-01-25 16:28 - 00000000 ____D () C:\Users\K L S K\AppData\Local\NGPR
2015-01-25 16:26 - 2015-01-25 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InPixio Photo Maximizer
2015-01-25 16:26 - 2015-01-25 16:26 - 00000000 ____D () C:\Program Files (x86)\InPixio Photo Maximizer
2015-01-25 16:15 - 2015-02-07 11:56 - 00000000 ____D () C:\Users\WoJa\AppData\Local\NGPR
2015-01-25 16:15 - 2015-01-25 17:39 - 00000000 ____D () C:\Users\WoJa\AppData\Local\Avanquest
2015-01-25 16:14 - 2015-02-06 19:52 - 00000000 ____D () C:\ProgramData\Avanquest
2015-01-25 16:14 - 2015-01-25 16:58 - 00000000 ____D () C:\Users\Public\Documents\Avanquest Software
2015-01-25 16:14 - 2015-01-25 16:58 - 00000000 ____D () C:\ProgramData\Configuration
2015-01-25 16:14 - 2015-01-25 16:14 - 00000000 ____D () C:\ProgramData\Avanquest Software
2015-01-25 16:10 - 2015-01-25 17:12 - 00000000 ___RD () C:\Users\WoJa\Desktop\Fotobearbeitung
2015-01-25 16:08 - 2015-01-25 16:10 - 42955192 _____ (Avanquest Software) C:\Users\WoJa\Downloads\InPixio_Photo_Maximizer_MLT.exe
2015-01-25 15:35 - 2015-01-25 16:58 - 00000000 ____D () C:\Program Files (x86)\Avanquest
2015-01-25 15:35 - 2015-01-25 15:35 - 01841528 _____ (Avanquest Software) C:\Users\WoJa\Downloads\Foto-Software_Ausschneiden_DE_FT.exe
2015-01-25 14:54 - 2015-01-25 14:54 - 00000000 ____D () C:\ProgramData\PDFEditor
2015-01-25 14:54 - 2015-01-25 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-01-25 14:54 - 2014-12-16 21:10 - 00096328 _____ (Wondershare Software) C:\WINDOWS\system32\WSMonEditor.dll
2015-01-23 14:34 - 2015-01-23 14:34 - 00020992 _____ () C:\Users\WoJa\Desktop\7,49.ufo
2015-01-17 09:24 - 2015-01-17 09:27 - 00000000 ____D () C:\Users\WoJa\Desktop\Weiterb._GWS_01_2015
2015-01-16 08:25 - 2015-01-16 10:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-16 06:45 - 2015-02-09 13:23 - 00000000 ___RD () C:\Users\WoJa\Dropbox
2015-01-16 06:45 - 2015-01-16 06:45 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-16 06:44 - 2015-02-09 07:45 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\Dropbox
2015-01-16 06:44 - 2015-01-16 06:45 - 00000000 ____D () C:\Users\K L S K\AppData\Roaming\Dropbox
2015-01-16 06:43 - 2015-01-16 06:43 - 00324136 _____ (Dropbox, Inc.) C:\Users\WoJa\Downloads\DropboxInstaller.exe
2015-01-15 19:35 - 2015-01-15 19:35 - 00201803 _____ () C:\Users\WoJa\Downloads\Dropbox.zip
2015-01-15 19:31 - 2015-01-16 06:45 - 00000000 ____D () C:\Users\WoJa\Desktop\Gollmer
2015-01-14 11:06 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 11:06 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 11:06 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 11:06 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 11:06 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 11:06 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 11:06 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 11:06 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 11:06 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 11:06 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 11:06 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 11:06 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 11:06 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 11:06 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 11:06 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 11:06 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 11:06 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 11:06 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 11:06 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 11:06 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 11:06 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 11:06 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 11:06 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 11:06 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 17:15 - 2015-01-30 19:47 - 00000000 ____D () C:\Users\WoJa\Desktop\Schulter-OP

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 18:21 - 2014-07-17 13:57 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-09 18:21 - 2014-03-24 06:44 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-09 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-09 17:49 - 2014-03-21 13:39 - 01071209 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-09 13:21 - 2013-11-14 08:26 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-09 13:21 - 2013-11-14 08:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-09 13:21 - 2013-11-14 08:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-09 12:22 - 2013-05-13 13:44 - 00000870 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-02-09 12:21 - 2014-06-15 20:07 - 00000000 ____D () C:\Users\K L S K\AppData\Roaming\AnvSoft
2015-02-09 11:21 - 2014-03-24 06:44 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 11:07 - 2014-04-20 16:56 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\UseNeXT
2015-02-09 10:45 - 2014-05-15 15:47 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\vlc
2015-02-09 07:46 - 2014-03-21 14:23 - 00000000 ____D () C:\Users\WoJa\Documents\Youcam
2015-02-09 07:45 - 2014-03-31 16:06 - 00000000 ____D () C:\Users\WoJa\AppData\Local\FreePDF_XP
2015-02-09 07:45 - 2014-03-24 06:46 - 00000000 ___RD () C:\Users\WoJa\Google Drive
2015-02-09 07:45 - 2014-03-21 14:22 - 00000000 __RDO () C:\Users\WoJa\SkyDrive
2015-02-09 07:45 - 2014-03-21 14:19 - 00697525 _____ () C:\ProgramData\lxeb.log
2015-02-09 07:45 - 2014-03-21 11:05 - 00097532 _____ () C:\ProgramData\lxebscan.log
2015-02-09 07:45 - 2013-05-13 13:44 - 00000868 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-02-08 13:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-08 09:14 - 2014-03-22 16:21 - 02073600 ___SH () C:\Users\WoJa\Desktop\Thumbs.db
2015-02-07 13:50 - 2014-03-29 13:47 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\AIMP3
2015-02-07 13:04 - 2014-03-21 20:46 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-07 13:04 - 2014-03-21 13:33 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-07 12:31 - 2014-11-06 20:27 - 00000000 ____D () C:\Users\WoJa\Desktop\Spenner
2015-02-07 12:29 - 2014-04-29 12:40 - 00000000 ____D () C:\Users\WoJa\Documents\Outlook-Dateien
2015-02-07 11:52 - 2014-03-21 14:22 - 00000000 ____D () C:\Users\WoJa\AppData\Local\VirtualStore
2015-02-07 10:56 - 2014-11-27 06:16 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-02-07 10:56 - 2014-11-27 06:15 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-02-07 10:56 - 2014-11-27 06:15 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-02-07 10:56 - 2014-11-27 06:15 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-02-07 10:56 - 2014-11-27 06:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-07 10:56 - 2014-11-27 06:15 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-07 10:56 - 2014-09-27 07:20 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-07 10:54 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-02-06 19:52 - 2013-05-13 13:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-06 19:16 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-04 12:11 - 2014-03-27 21:50 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\KeePass
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 17:15 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-31 11:39 - 2014-03-21 11:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-30 18:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-29 17:58 - 2014-05-16 20:33 - 00000000 ___RD () C:\Users\WoJa\Desktop\Schulungen
2015-01-28 14:17 - 2014-03-24 06:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-28 08:51 - 2014-09-22 19:10 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\TeamViewer
2015-01-27 15:36 - 2013-08-22 15:44 - 00511368 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-25 16:58 - 2014-03-27 20:28 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-23 11:24 - 2014-12-16 19:44 - 00000000 ____D () C:\Users\WoJa\Desktop\Steuern
2015-01-19 13:08 - 2013-12-13 10:38 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-19 13:05 - 2013-04-11 08:30 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-16 11:38 - 2014-03-21 11:06 - 00000000 ____D () C:\ProgramData\Lx_cats
2015-01-16 06:45 - 2014-03-21 13:37 - 00000000 ____D () C:\Users\WoJa

==================== Files in the root of some directories =======

2014-05-16 20:44 - 2014-12-10 07:53 - 0005120 _____ () C:\Users\WoJa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-13 19:51 - 2014-06-13 19:51 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-03-21 11:09 - 2014-03-21 11:09 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-03-21 14:19 - 2015-02-09 07:45 - 0697525 _____ () C:\ProgramData\lxeb.log
2014-04-19 19:01 - 2014-07-02 10:19 - 0000309 _____ () C:\ProgramData\lxebDiagnostics.log
2014-03-21 11:08 - 2014-06-12 11:20 - 0097172 _____ () C:\ProgramData\lxebJSW.log
2014-03-21 11:05 - 2015-02-09 07:45 - 0097532 _____ () C:\ProgramData\lxebscan.log
2015-01-25 17:38 - 2015-01-25 17:38 - 0000125 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-03-21 11:04 - 2014-03-21 11:04 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
2013-12-13 09:24 - 2013-12-13 09:25 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-12-13 09:22 - 2013-12-13 09:23 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-12-13 09:23 - 2013-12-13 09:24 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some content of TEMP:
====================
C:\Users\K L S K\AppData\Local\Temp\avgnt.exe
C:\Users\WoJa\AppData\Local\Temp\avgnt.exe
C:\Users\WoJa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpblsutq.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

--- --- ---

--- --- ---
-09 18:38:39
Running from C:\Users\WoJa\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

8GadgetPack (HKLM-x32\...\{32A7C3B0-E5C3-4913-B1F2-49FE860FAA5E}) (Version: 11.0.0 - Helmut Buhler)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1345, 26.03.2014 - AIMP DevTeam)
Any Video Converter 5.7.7 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avanquest message (HKLM-x32\...\{20573C69-4A68-4BEF-A23D-365CB66924CD}) (Version: 1.03.0 - Avanquest Software)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
Avira (HKLM-x32\...\{70a79d1f-686d-4d5c-962b-07aa1294eae0}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2219 - CyberLink Corp.)
Disketch CD-Beschriftungssoftware (HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\...\Disketch) (Version: 3.09 - NCH Software)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Dropbox (HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.3.20141106 - Landesfinanzdirektion Thüringen)
FixMyRegistry (HKLM-x32\...\FixMyRegistry) (Version: 38.1 - SmartTweak Software) <==== ATTENTION
Free FLV Converter V 7.6.1 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.1.0 - Koyote Lab Inc.)
Free YouTube Download version 3.2.49.1111 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1111 - DVDVideoSoft Ltd.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HAENNI EC 200 - 2.5.1 (HKLM-x32\...\"EC 200"_is1) (Version:  - HAENNI Instruments Inc.)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
InPixio Photo (HKLM-x32\...\{5F0C0CD8-77B1-4C3E-9F01-5AF10D85DBB4}) (Version: 6.03.0 - Avanquest Software)
InPixio Photo Focus (HKLM-x32\...\{D7DF4A1C-F5CD-49F6-927E-12E6A8EF4174}) (Version: 3.01.0 - Avanquest Software)
InPixio Photo Maximizer (HKLM-x32\...\{33DB8C17-40C9-4629-B6D4-05A4C7E8AA86}) (Version: 2.0.25799 - Avanquest Software)
InstaCards (HKLM-x32\...\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}) (Version: 1.5.0 - Avanquest Software)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1008 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
Lexmark Pro200-S500 Series (HKLM\...\Lexmark Pro200-S500 Series) (Version:  - Lexmark International, Inc.)
LVP v4.0 (HKLM-x32\...\LVP v4.0) (Version: 4.0 - )
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Image Composer 1.5 (HKLM-x32\...\Image Composer) (Version:  - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MyDriveConnect 3.3.0.1756 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1756 - TomTom)
PEAK OEM-Treiber (HKLM-x32\...\PEAK OEM-Treiber) (Version: 3.8.02.10146 - PEAK-System Technik GmbH)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0069 - Pegatron Corporation)
Positive Finds (HKLM-x32\...\Positive Finds) (Version: 2.0.5517.40576 - Positive Finds)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Ihr Firmenname)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30143 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.0 - Synaptics Incorporated)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Ulead PhotoImpact 12 (HKLM-x32\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
UnderCoverXP 1.23 (HKLM-x32\...\UnderCoverXP_is1) (Version:  - Wicked & Wild Inc.)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WEKA Ladungssicherung in der Praxis September 2013 (HKLM-x32\...\WEKA LADUNGSSICHERUNG IN DER PRAXIS SEPTEMBER 2013) (Version: September 2013 - WEKA)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/18/2013 2.08.28) (HKLM\...\9E24492CE9279512BD465F61DB8523641BB7BBFC) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/18/2013 2.08.28) (HKLM\...\E61B77ECE57113AE1CA028BC7A8AD6C137BD13DD) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WISO EÜR & Kasse 2014 (HKLM-x32\...\{50320153-AE64-4CBB-B5FC-73C5C22B545D}) (Version: 21.01.8499 - Buhl Data Service GmbH)
WISO EÜR & Kasse 2015 (HKLM-x32\...\{A6981B8B-FDEF-4BB4-917D-1CFFACEA241F}) (Version: 22.01.8841 - Buhl Data Service GmbH)
Wondershare PDFelement(Build 4.0.0) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 4.0.0.3 - Wondershare Software Co.,Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => ?
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => ?
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => ?

==================== Loaded Modules (whitelisted) ==============

2013-05-13 14:15 - 2012-01-12 16:58 - 00477696 _____ () C:\Program Files (x86)\PHotkey\PVDAgent.exe
2012-04-16 13:45 - 2012-04-16 13:45 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2014-01-25 02:22 - 2014-01-25 02:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-10 17:28 - 2012-08-10 17:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-10 17:23 - 2012-08-10 17:23 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2014-03-21 11:04 - 2013-01-23 13:29 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
2014-03-21 11:04 - 2013-01-23 13:29 - 00150264 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
2015-02-04 10:21 - 2015-02-04 10:21 - 00370176 _____ () C:\Program Files\WindowsApps\C27EB4BA.Dropbox_3.0.4.0_x86__xbfy0k16fey96\Dropbox.WindowsApp.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\WoJa\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3381209366-1052480604-4067403755-500 - Administrator - Disabled)
Gast (S-1-5-21-3381209366-1052480604-4067403755-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3381209366-1052480604-4067403755-1007 - Limited - Enabled)
K L S K (S-1-5-21-3381209366-1052480604-4067403755-1008 - Administrator - Enabled) => C:\Users\K L S K
WoJa (S-1-5-21-3381209366-1052480604-4067403755-1005 - Limited - Enabled) => C:\Users\WoJa
Wolfgang (S-1-5-21-3381209366-1052480604-4067403755-1001 - Administrator - Enabled) => C:\Users\Wolfgang

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2015 11:28:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17284 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: dc4

Startzeit: 01d04433f8dc6920

Endzeit: 0

Anwendungspfad: C:\WINDOWS\Explorer.EXE

Berichts-ID: 43c568f5-b046-11e4-bf0f-dc85de86b96e

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/06/2015 09:10:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.3.9600.17284 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 934

Startzeit: 01d041e3a8d6651a

Endzeit: 31

Anwendungspfad: C:\WINDOWS\explorer.exe

Berichts-ID: 94e86d51-add7-11e4-bf0f-dc85de86b96e

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/03/2015 00:18:56 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "\\?\Volume{a439f205-8c97-4aa9-8782-5361c10f7ecc}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (01/31/2015 00:35:33 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "\\?\Volume{a439f205-8c97-4aa9-8782-5361c10f7ecc}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (01/31/2015 11:34:36 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: WoJa-Win-8_PC)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.

Error: (01/31/2015 11:34:36 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: WoJa-Win-8_PC)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.

Error: (01/31/2015 11:34:36 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: WoJa-Win-8_PC)
Description: Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigtes lokales Profil.

 Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (01/31/2015 11:34:36 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht.

 Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
 for C:\Users\K L S K\ntuser.dat

Error: (01/30/2015 08:22:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: WoJa-Win-8_PC)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.

Error: (01/30/2015 08:22:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: WoJa-Win-8_PC)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.


System errors:
=============
Error: (02/09/2015 11:36:58 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "G:" können nicht gelesen werden.

Error: (02/09/2015 11:25:26 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR14 gefunden.

Error: (02/08/2015 05:22:00 PM) (Source: DCOM) (EventID: 10010) (User: WOJA-WIN-8_PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/08/2015 05:22:00 PM) (Source: DCOM) (EventID: 10010) (User: WOJA-WIN-8_PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/08/2015 08:05:09 AM) (Source: DCOM) (EventID: 10010) (User: WOJA-WIN-8_PC)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (02/08/2015 07:58:48 AM) (Source: DCOM) (EventID: 10010) (User: WOJA-WIN-8_PC)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (02/08/2015 07:49:07 AM) (Source: DCOM) (EventID: 10010) (User: WOJA-WIN-8_PC)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (02/08/2015 07:39:55 AM) (Source: DCOM) (EventID: 10010) (User: WOJA-WIN-8_PC)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (02/07/2015 01:02:38 PM) (Source: DCOM) (EventID: 10010) (User: WOJA-WIN-8_PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/07/2015 01:02:38 PM) (Source: DCOM) (EventID: 10010) (User: WOJA-WIN-8_PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (02/09/2015 11:28:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.17284dc401d04433f8dc69200C:\WINDOWS\Explorer.EXE43c568f5-b046-11e4-bf0f-dc85de86b96e

Error: (02/06/2015 09:10:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.3.9600.1728493401d041e3a8d6651a31C:\WINDOWS\explorer.exe94e86d51-add7-11e4-bf0f-dc85de86b96e

Error: (02/03/2015 00:18:56 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{a439f205-8c97-4aa9-8782-5361c10f7ecc}\Falscher Parameter. (0x80070057)

Error: (01/31/2015 00:35:33 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{a439f205-8c97-4aa9-8782-5361c10f7ecc}\Falscher Parameter. (0x80070057)

Error: (01/31/2015 11:34:36 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: WoJa-Win-8_PC)
Description:

Error: (01/31/2015 11:34:36 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: WoJa-Win-8_PC)
Description:

Error: (01/31/2015 11:34:36 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: WoJa-Win-8_PC)
Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (01/31/2015 11:34:36 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
C:\Users\K L S K\ntuser.dat

Error: (01/30/2015 08:22:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: WoJa-Win-8_PC)
Description:

Error: (01/30/2015 08:22:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: WoJa-Win-8_PC)
Description:


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 47%
Total physical RAM: 8075 MB
Available physical RAM: 4258.69 MB
Total Pagefile: 9355 MB
Available Pagefile: 4745.45 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:229.8 GB) (Free:107.5 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

Aneri 09.02.2015 18:58
Hi,

Zitat:
Ran by WoJa (ATTENTION: The logged in user is not administrator) on WOJA-WIN-8_PC on 09-02-2015 18:38:09
Running from C:\Users\WoJa\Downloads
bitte erstelle die Logfiles erneut, das Programm benötigt Administratorrechte... des weiteren bitte die Tools immer vom Desktop ausführen...

Erstelle die Logfiles bitte erneut, kopiere vorher ds Programm auf deinen Desktop.
Setze en Haken bei Adittions.txt und drücke Scan.

Corsipo 09.02.2015 19:21
Scans
 
Hi,

ich habe jetzt vom Adminkonto aus gescant. Dort gibt es übrigens keinerlei popups.
Ich habe mir das Programm FRST jetzt über chrome heruntergeladen.

Hier die Ergebnisse des Scans:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by K L S K (administrator) on WOJA-WIN-8_PC on 09-02-2015 19:16:29
Running from C:\Users\K L S K\Downloads
Loaded Profiles: K L S K (Available profiles: Wolfgang & WoJa & K L S K)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\Plugin.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\MyWiMax.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
( ) C:\Windows\SysWOW64\lxebcoms.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM\...\Run: [lxebmon.exe] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe [772712 2013-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe [150264 2013-01-23] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [ATLauncher] => C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe [488120 2012-08-08] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-10-22] (CyberLink Corp.)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2006-11-29] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SHIWebOnDiskManager] => C:\Program Files (x86)\SHIWebOnDiskManager\SHIWebOnDiskManager.exe [245760 2013-09-03] (SHI Elektronische Medien GmbH)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => "E:\KeePass Password Safe 2\KeePass.exe" --preload
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Run: [FixMyRegistry] => C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe [1886840 2014-05-26] ()
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-08-22] (TomTom)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Run: [Avanquest message] => C:\Program Files (x86)\Avanquest\Avanquest message\AQNotif.exe [361272 2015-01-23] (Avanquest Software)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\RunOnce: [Adobe Speed Launcher] => 1423505557
Startup: C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\K L S K\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar517.lnk
ShortcutTarget: Sidebar517.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
Startup: C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53928;https=127.0.0.1:53928
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
SearchScopes: HKLM -> DefaultScope {EBCCD0A8-AB24-4C44-930F-1E4AC4FEE46E} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM -> {EBCCD0A8-AB24-4C44-930F-1E4AC4FEE46E} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Positive Finds -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> C:\Program Files (x86)\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default
FF SearchEngineOrder.1: SuchMaschine
FF SelectedSearchEngine: Web Search
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\user.js
FF SearchPlugin: C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\searchplugins\google-maps.xml
FF Extension: Download videos and MP3s from YouTube - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-24]
FF Extension: Snap.Do  - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{d58e9cf5-f32e-9415-c1f8-6970b588f790} [2014-06-15]
FF Extension: Cliqz Beta - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\cliqz@cliqz.com.xpi [2014-11-15]
FF Extension: Positive Finds - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{7084813e-70d5-4251-9d2b-03bda4f44792}.xpi [2015-02-09]
FF HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\extensions\cliqz@cliqz.com
FF HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-24]

Chrome:
=======
CHR Profile: C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-22]
CHR Extension: (Google Docs) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-22]
CHR Extension: (Google Drive) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-07]
CHR Extension: (YouTube) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-22]
CHR Extension: (Google-Suche) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-22]
CHR Extension: (Google Tabellen) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-22]
CHR Extension: (Google Wallet) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-22]
CHR Extension: (Google Mail) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-11-18] (Ellora Assets Corp.) [File not signed]
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2013-05-08] (Realsil Microelectronics Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-09-18] (Intel Corporation)
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [668984 2013-04-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-18] (Intel Corporation)
S2 lxebCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S3 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [219832 2012-06-17] (McAfee, Inc.)
R2 Service Mgr PositiveFinds; C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe [577272 2015-02-09] ()
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R2 Update Mgr PositiveFinds; C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe [384760 2015-02-09] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2013-04-24] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 Pcan_usb; C:\Windows\System32\drivers\PCAN_USB.SYS [100864 2012-01-24] (PEAK-System Technik GmbH, Darmstadt, Germany)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 19:16 - 2015-02-09 19:16 - 00024287 _____ () C:\Users\K L S K\Downloads\FRST.txt
2015-02-09 19:15 - 2015-02-09 19:15 - 02132992 _____ (Farbar) C:\Users\K L S K\Downloads\FRST64.exe
2015-02-09 18:38 - 2015-02-09 19:16 - 00000000 ____D () C:\FRST
2015-02-09 18:38 - 2015-02-09 18:39 - 00045314 _____ () C:\Users\WoJa\Downloads\FRST.txt
2015-02-09 18:38 - 2015-02-09 18:38 - 00024874 _____ () C:\Users\WoJa\Downloads\Addition.txt
2015-02-09 18:36 - 2015-02-09 18:37 - 02132992 _____ (Farbar) C:\Users\WoJa\Downloads\FRST64.exe
2015-02-09 12:24 - 2015-02-09 12:53 - 00000000 ____D () C:\Users\WoJa\Desktop\Video
2015-02-09 12:22 - 2015-02-09 12:22 - 00000000 ____D () C:\Users\WoJa\Documents\Any Video Converter
2015-02-09 12:22 - 2015-02-09 12:22 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\Anvsoft
2015-02-09 12:21 - 2015-02-09 18:22 - 00000000 ____D () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-02-09 12:21 - 2015-02-09 12:21 - 00000000 ____D () C:\Users\K L S K\AppData\Roaming\OpenCandy
2015-02-09 12:21 - 2015-02-09 12:21 - 00000000 ____D () C:\Program Files (x86)\Positive Finds
2015-02-09 12:20 - 2015-02-09 12:21 - 33703656 _____ (Any-Video-Converter.com ) C:\Users\WoJa\Downloads\avc-577free.exe
2015-02-09 12:14 - 2015-02-09 12:15 - 00000000 ____D () C:\Users\WoJa\Desktop\Polizeihubschrauber_mit_Norbert_2014
2015-02-08 12:12 - 2015-02-08 12:12 - 00055311 _____ () C:\Users\WoJa\Desktop\default.html
2015-02-08 08:48 - 2015-02-08 08:48 - 00000000 ____D () C:\Users\WoJa\AppData\Local\IsolatedStorage
2015-02-08 08:31 - 2015-02-08 09:52 - 00000000 ____D () C:\Users\WoJa\Desktop\Bearbeitung
2015-02-07 15:29 - 2015-02-09 11:25 - 00004552 _____ () C:\WINDOWS\setupact.log
2015-02-07 15:29 - 2015-02-07 15:29 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-07 13:09 - 2015-02-07 13:09 - 00001880 _____ () C:\Users\K L S K\Desktop\UseNeXT by Tangysoft.lnk
2015-02-07 13:09 - 2015-02-07 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2015-02-07 13:09 - 2015-02-07 13:09 - 00000000 ____D () C:\Program Files (x86)\UseNeXT
2015-02-07 13:04 - 2015-02-07 13:04 - 00002776 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-02-07 13:04 - 2015-02-07 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-07 13:04 - 2015-02-07 13:04 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-07 13:03 - 2015-02-07 13:03 - 04196968 _____ (Piriform Ltd) C:\Users\K L S K\Downloads\ccsetup502_slim.exe
2015-02-07 12:55 - 2015-02-07 12:55 - 05270008 _____ (Tangysoft Ltd. ) C:\Users\WoJa\Downloads\UseNeXTSetup_5.64(1).exe
2015-02-07 12:35 - 2015-02-07 12:35 - 00000000 __SHD () C:\Users\WoJa\AppData\Local\EmieBrowserModeList
2015-02-06 19:52 - 2015-02-06 19:52 - 00000000 ____D () C:\Program Files (x86)\Avanquest update
2015-02-03 17:48 - 2015-02-04 12:09 - 00000581 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-02-03 17:44 - 2015-02-03 17:44 - 02536151 _____ (Dominik Reichl ) C:\Users\WoJa\Downloads\KeePass-2.28-Setup.exe
2015-01-28 16:37 - 2015-01-28 16:37 - 05270008 _____ (Tangysoft Ltd. ) C:\Users\WoJa\Downloads\UseNeXTSetup_5.64.exe
2015-01-28 09:04 - 2015-01-28 09:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 08:51 - 2015-01-28 08:51 - 03980064 _____ (TeamViewer) C:\Users\WoJa\Downloads\teamviewer.exe
2015-01-27 10:52 - 2015-01-27 11:03 - 00104145 _____ () C:\Users\WoJa\Desktop\Wiegeprotokoll_3_3_7.xlsx
2015-01-26 20:49 - 2015-01-26 20:49 - 00000000 ___SD () C:\Users\WoJa\Documents\Meine Datenquellen
2015-01-25 17:38 - 2015-02-08 08:48 - 00000000 ____D () C:\Users\WoJa\AppData\Local\Photo Explosion
2015-01-25 17:38 - 2015-01-25 17:38 - 00000125 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-25 16:56 - 2015-01-25 16:56 - 01525048 _____ (Avanquest Software) C:\Users\WoJa\Downloads\InPixioPhotoFocus3.0_DM.exe
2015-01-25 16:36 - 2015-01-25 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avanquest
2015-01-25 16:32 - 2015-01-25 16:35 - 86216328 _____ (Avanquest Software) C:\Users\WoJa\Downloads\Ausschneiden_2.0.3.exe
2015-01-25 16:28 - 2015-02-06 19:54 - 00000000 ____D () C:\Users\K L S K\AppData\Local\Avanquest
2015-01-25 16:26 - 2015-01-25 16:28 - 00000000 ____D () C:\Users\K L S K\AppData\Local\NGPR
2015-01-25 16:26 - 2015-01-25 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InPixio Photo Maximizer
2015-01-25 16:26 - 2015-01-25 16:26 - 00000000 ____D () C:\Program Files (x86)\InPixio Photo Maximizer
2015-01-25 16:15 - 2015-02-07 11:56 - 00000000 ____D () C:\Users\WoJa\AppData\Local\NGPR
2015-01-25 16:15 - 2015-01-25 17:39 - 00000000 ____D () C:\Users\WoJa\AppData\Local\Avanquest
2015-01-25 16:14 - 2015-02-06 19:52 - 00000000 ____D () C:\ProgramData\Avanquest
2015-01-25 16:14 - 2015-01-25 16:58 - 00000000 ____D () C:\Users\Public\Documents\Avanquest Software
2015-01-25 16:14 - 2015-01-25 16:58 - 00000000 ____D () C:\ProgramData\Configuration
2015-01-25 16:14 - 2015-01-25 16:14 - 00000000 ____D () C:\ProgramData\Avanquest Software
2015-01-25 16:10 - 2015-01-25 17:12 - 00000000 ___RD () C:\Users\WoJa\Desktop\Fotobearbeitung
2015-01-25 16:08 - 2015-01-25 16:10 - 42955192 _____ (Avanquest Software) C:\Users\WoJa\Downloads\InPixio_Photo_Maximizer_MLT.exe
2015-01-25 15:35 - 2015-01-25 16:58 - 00000000 ____D () C:\Program Files (x86)\Avanquest
2015-01-25 15:35 - 2015-01-25 15:35 - 01841528 _____ (Avanquest Software) C:\Users\WoJa\Downloads\Foto-Software_Ausschneiden_DE_FT.exe
2015-01-25 14:54 - 2015-01-25 14:54 - 00000000 ____D () C:\ProgramData\PDFEditor
2015-01-25 14:54 - 2015-01-25 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-01-25 14:54 - 2014-12-16 21:10 - 00096328 _____ (Wondershare Software) C:\WINDOWS\system32\WSMonEditor.dll
2015-01-23 14:34 - 2015-01-23 14:34 - 00020992 _____ () C:\Users\WoJa\Desktop\7,49.ufo
2015-01-17 09:24 - 2015-01-17 09:27 - 00000000 ____D () C:\Users\WoJa\Desktop\Weiterb._GWS_01_2015
2015-01-16 08:25 - 2015-01-16 10:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-16 06:45 - 2015-02-09 13:23 - 00000000 ___RD () C:\Users\WoJa\Dropbox
2015-01-16 06:45 - 2015-01-16 06:45 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-16 06:44 - 2015-02-09 07:45 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\Dropbox
2015-01-16 06:44 - 2015-01-16 06:45 - 00000000 ____D () C:\Users\K L S K\AppData\Roaming\Dropbox
2015-01-16 06:43 - 2015-01-16 06:43 - 00324136 _____ (Dropbox, Inc.) C:\Users\WoJa\Downloads\DropboxInstaller.exe
2015-01-15 19:35 - 2015-01-15 19:35 - 00201803 _____ () C:\Users\WoJa\Downloads\Dropbox.zip
2015-01-15 19:31 - 2015-01-16 06:45 - 00000000 ____D () C:\Users\WoJa\Desktop\Gollmer
2015-01-14 11:06 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 11:06 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 11:06 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 11:06 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 11:06 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 11:06 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 11:06 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 11:06 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 11:06 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 11:06 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 11:06 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 11:06 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 11:06 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 11:06 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 11:06 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 11:06 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 11:06 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 11:06 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 11:06 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 11:06 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 11:06 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 11:06 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 11:06 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 11:06 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 17:15 - 2015-01-30 19:47 - 00000000 ____D () C:\Users\WoJa\Desktop\Schulter-OP

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 19:13 - 2014-05-08 15:59 - 00000000 ____D () C:\Users\K L S K\Documents\Youcam
2015-02-09 19:13 - 2014-03-21 13:39 - 01128577 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-09 19:12 - 2014-03-24 06:44 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 19:12 - 2014-03-21 14:19 - 00697639 _____ () C:\ProgramData\lxeb.log
2015-02-09 19:12 - 2014-03-21 11:05 - 00097642 _____ () C:\ProgramData\lxebscan.log
2015-02-09 19:12 - 2013-05-13 14:49 - 00003314 _____ () C:\WINDOWS\System32\Tasks\Intel® Rapid Start Technology Manager
2015-02-09 19:12 - 2013-05-13 13:44 - 00000868 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-02-09 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-09 18:21 - 2014-07-17 13:57 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-09 18:21 - 2014-03-24 06:44 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-09 13:55 - 2014-03-21 15:06 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{132EB2ED-B4C8-4356-953F-243BB0BA9D63}
2015-02-09 13:21 - 2013-11-14 08:26 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-09 13:21 - 2013-11-14 08:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-09 13:21 - 2013-11-14 08:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-09 12:40 - 2014-03-21 14:27 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3381209366-1052480604-4067403755-1005
2015-02-09 12:22 - 2013-05-13 13:44 - 00000870 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-02-09 12:21 - 2014-06-15 20:07 - 00001226 _____ () C:\Users\K L S K\Desktop\Any Video Converter.lnk
2015-02-09 12:21 - 2014-06-15 20:07 - 00000000 ____D () C:\Users\K L S K\AppData\Roaming\AnvSoft
2015-02-09 11:07 - 2014-04-20 16:56 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\UseNeXT
2015-02-09 10:45 - 2014-05-15 15:47 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\vlc
2015-02-09 07:46 - 2014-03-21 14:23 - 00000000 ____D () C:\Users\WoJa\Documents\Youcam
2015-02-09 07:45 - 2014-03-31 16:06 - 00000000 ____D () C:\Users\WoJa\AppData\Local\FreePDF_XP
2015-02-09 07:45 - 2014-03-24 06:46 - 00000000 ___RD () C:\Users\WoJa\Google Drive
2015-02-09 07:45 - 2014-03-21 14:22 - 00000000 __RDO () C:\Users\WoJa\SkyDrive
2015-02-08 13:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-08 09:14 - 2014-03-22 16:21 - 02073600 ___SH () C:\Users\WoJa\Desktop\Thumbs.db
2015-02-07 13:50 - 2014-03-29 13:47 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\AIMP3
2015-02-07 13:07 - 2014-05-08 16:04 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3381209366-1052480604-4067403755-1008
2015-02-07 13:04 - 2014-03-21 20:46 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-07 13:04 - 2014-03-21 13:33 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-07 12:31 - 2014-11-06 20:27 - 00000000 ____D () C:\Users\WoJa\Desktop\Spenner
2015-02-07 12:29 - 2014-04-29 12:40 - 00000000 ____D () C:\Users\WoJa\Documents\Outlook-Dateien
2015-02-07 11:52 - 2014-03-21 14:22 - 00000000 ____D () C:\Users\WoJa\AppData\Local\VirtualStore
2015-02-07 11:16 - 2014-03-24 06:44 - 00004118 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 11:16 - 2014-03-24 06:44 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-07 10:56 - 2014-11-27 06:16 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-02-07 10:56 - 2014-11-27 06:15 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-02-07 10:56 - 2014-11-27 06:15 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-02-07 10:56 - 2014-11-27 06:15 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-02-07 10:56 - 2014-11-27 06:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-07 10:56 - 2014-11-27 06:15 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-07 10:56 - 2014-09-27 07:20 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-07 10:55 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-02-06 19:52 - 2013-05-13 13:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-06 19:16 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-05 14:21 - 2014-07-17 13:57 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-04 12:11 - 2014-03-27 21:50 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\KeePass
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 17:15 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-03 13:45 - 2013-08-22 14:25 - 02359296 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-31 11:39 - 2014-03-21 11:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-30 18:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-29 17:58 - 2014-05-16 20:33 - 00000000 ___RD () C:\Users\WoJa\Desktop\Schulungen
2015-01-28 14:17 - 2014-03-24 06:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-28 08:51 - 2014-09-22 19:10 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\TeamViewer
2015-01-27 15:36 - 2013-08-22 15:44 - 00511368 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-25 16:58 - 2014-03-27 20:28 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-23 11:24 - 2014-12-16 19:44 - 00000000 ____D () C:\Users\WoJa\Desktop\Steuern
2015-01-19 13:08 - 2013-12-13 10:38 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-19 13:05 - 2013-04-11 08:30 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-16 11:38 - 2014-03-21 11:06 - 00000000 ____D () C:\ProgramData\Lx_cats
2015-01-16 06:45 - 2014-03-21 13:37 - 00000000 ____D () C:\Users\WoJa

==================== Files in the root of some directories =======

2014-06-13 19:51 - 2014-06-13 19:51 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-03-21 11:09 - 2014-03-21 11:09 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-03-21 14:19 - 2015-02-09 19:12 - 0697639 _____ () C:\ProgramData\lxeb.log
2014-04-19 19:01 - 2014-07-02 10:19 - 0000309 _____ () C:\ProgramData\lxebDiagnostics.log
2014-03-21 11:08 - 2014-06-12 11:20 - 0097172 _____ () C:\ProgramData\lxebJSW.log
2014-03-21 11:05 - 2015-02-09 19:12 - 0097642 _____ () C:\ProgramData\lxebscan.log
2015-01-25 17:38 - 2015-01-25 17:38 - 0000125 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-03-21 11:04 - 2014-03-21 11:04 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
2013-12-13 09:24 - 2013-12-13 09:25 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-12-13 09:22 - 2013-12-13 09:23 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-12-13 09:23 - 2013-12-13 09:24 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some content of TEMP:
====================
C:\Users\K L S K\AppData\Local\Temp\avgnt.exe
C:\Users\WoJa\AppData\Local\Temp\avgnt.exe
C:\Users\WoJa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpblsutq.dll
C:\Users\Wolfgang\AppData\Local\Temp\avgnt.exe
C:\Users\Wolfgang\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 12:35

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by K L S K at 2015-02-09 19:16:51
Running from C:\Users\K L S K\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

8GadgetPack (HKLM-x32\...\{32A7C3B0-E5C3-4913-B1F2-49FE860FAA5E}) (Version: 11.0.0 - Helmut Buhler)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1345, 26.03.2014 - AIMP DevTeam)
Any Video Converter 5.7.7 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avanquest message (HKLM-x32\...\{20573C69-4A68-4BEF-A23D-365CB66924CD}) (Version: 1.03.0 - Avanquest Software)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
Avira (HKLM-x32\...\{70a79d1f-686d-4d5c-962b-07aa1294eae0}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2219 - CyberLink Corp.)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.3.20141106 - Landesfinanzdirektion Thüringen)
FixMyRegistry (HKLM-x32\...\FixMyRegistry) (Version: 38.1 - SmartTweak Software) <==== ATTENTION
Free FLV Converter V 7.6.1 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.1.0 - Koyote Lab Inc.)
Free YouTube Download version 3.2.49.1111 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1111 - DVDVideoSoft Ltd.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HAENNI EC 200 - 2.5.1 (HKLM-x32\...\"EC 200"_is1) (Version:  - HAENNI Instruments Inc.)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
InPixio Photo (HKLM-x32\...\{5F0C0CD8-77B1-4C3E-9F01-5AF10D85DBB4}) (Version: 6.03.0 - Avanquest Software)
InPixio Photo Focus (HKLM-x32\...\{D7DF4A1C-F5CD-49F6-927E-12E6A8EF4174}) (Version: 3.01.0 - Avanquest Software)
InPixio Photo Maximizer (HKLM-x32\...\{33DB8C17-40C9-4629-B6D4-05A4C7E8AA86}) (Version: 2.0.25799 - Avanquest Software)
InstaCards (HKLM-x32\...\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}) (Version: 1.5.0 - Avanquest Software)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1008 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
LasiBe 4.40 (HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\LasiBe 4.40) (Version:  - )
Lexmark Pro200-S500 Series (HKLM\...\Lexmark Pro200-S500 Series) (Version:  - Lexmark International, Inc.)
LVP v4.0 (HKLM-x32\...\LVP v4.0) (Version: 4.0 - )
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Image Composer 1.5 (HKLM-x32\...\Image Composer) (Version:  - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MyDriveConnect 3.3.0.1756 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1756 - TomTom)
PEAK OEM-Treiber (HKLM-x32\...\PEAK OEM-Treiber) (Version: 3.8.02.10146 - PEAK-System Technik GmbH)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0069 - Pegatron Corporation)
Positive Finds (HKLM-x32\...\Positive Finds) (Version: 2.0.5517.40576 - Positive Finds)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Ihr Firmenname)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30143 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Snap.Do Engine (HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\{d2b43f07-d4ff-44d1-bbfb-7a6616f3260d}) (Version: 11.77.1.17697 - ReSoft Ltd.) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.0 - Synaptics Incorporated)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Ulead PhotoImpact 12 (HKLM-x32\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
UnderCoverXP 1.23 (HKLM-x32\...\UnderCoverXP_is1) (Version:  - Wicked & Wild Inc.)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WEKA Ladungssicherung in der Praxis September 2013 (HKLM-x32\...\WEKA LADUNGSSICHERUNG IN DER PRAXIS SEPTEMBER 2013) (Version: September 2013 - WEKA)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/18/2013 2.08.28) (HKLM\...\9E24492CE9279512BD465F61DB8523641BB7BBFC) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/18/2013 2.08.28) (HKLM\...\E61B77ECE57113AE1CA028BC7A8AD6C137BD13DD) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WISO EÜR & Kasse 2014 (HKLM-x32\...\{50320153-AE64-4CBB-B5FC-73C5C22B545D}) (Version: 21.01.8499 - Buhl Data Service GmbH)
WISO EÜR & Kasse 2015 (HKLM-x32\...\{A6981B8B-FDEF-4BB4-917D-1CFFACEA241F}) (Version: 22.01.8841 - Buhl Data Service GmbH)
Wondershare PDFelement(Build 4.0.0) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 4.0.0.3 - Wondershare Software Co.,Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

25-01-2015 16:37:04 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
06-02-2015 19:15:55 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {25E4C798-8ED2-4AC2-BF5F-C3ABBC36E959} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {39D5118D-6143-4D60-96AB-D145C5D6139D} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-04-24] (Intel)
Task: {43C3E3D9-92ED-4486-87AE-F6C41D86BDF7} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {49B4EFB6-69F8-4C66-BDD2-4BD5E3F9E17C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-24] (Google Inc.)
Task: {57420711-F41A-44C7-AC02-834F46003FCB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {83EF02B9-22D8-4AFA-BAEC-B3BDD726B01A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-19] (Microsoft Corporation)
Task: {93DA1BCF-B87D-466A-8D8E-3F78CC7EB3E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-24] (Google Inc.)
Task: {AB7CEB29-C0D5-437D-948B-DD9DB8942ECC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FA7A8119-A10A-4E8B-AC6F-1C80BCB65D41} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2013-05-13 14:15 - 2009-12-18 14:40 - 00104968 _____ () C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
2013-05-13 14:15 - 2011-10-13 13:38 - 00156672 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2014-03-21 20:28 - 2012-06-21 07:25 - 00113152 _____ () C:\WINDOWS\System32\redmon64.dll
2014-03-21 11:05 - 2009-11-04 08:17 - 00189440 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxebdrpp.dll
2015-02-09 08:08 - 2015-02-09 08:32 - 00384760 _____ () C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe
2015-02-09 08:08 - 2015-02-09 08:33 - 00577272 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe
2015-02-09 07:33 - 2015-02-09 07:33 - 00518904 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\plugin.exe
2013-05-13 14:15 - 2012-08-15 12:49 - 02603520 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2013-05-13 14:15 - 2010-01-12 16:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2013-05-13 14:15 - 2010-01-12 16:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2013-05-13 14:15 - 2010-12-17 13:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2013-05-13 14:15 - 2012-01-12 16:58 - 00552960 _____ () C:\Program Files (x86)\PHotkey\PVDesktop.exe
2013-05-13 14:15 - 2012-01-12 16:58 - 00477696 _____ () C:\Program Files (x86)\PHotkey\PVDAgent.exe
2013-05-13 14:15 - 2012-03-27 19:48 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2012-04-16 13:45 - 2012-04-16 13:45 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2013-05-13 14:15 - 2012-08-08 17:10 - 07536128 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe
2014-01-25 02:22 - 2014-01-25 02:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-10 17:28 - 2012-08-10 17:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-10 17:23 - 2012-08-10 17:23 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2014-03-21 11:04 - 2013-01-23 13:29 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
2014-03-21 11:04 - 2013-01-23 13:29 - 00150264 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
2015-01-21 03:06 - 2015-01-21 03:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-05-05 09:37 - 2014-05-05 09:37 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-05-05 09:37 - 2014-05-05 09:37 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-10-18 09:57 - 2014-10-18 09:57 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\2133a50009fa3b357bfbd29a218be0f6\PSIClient.ni.dll
2013-05-13 13:44 - 2012-07-18 19:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-05-13 14:15 - 2009-12-18 14:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2013-05-13 14:15 - 2009-12-18 14:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2011-08-15 19:12 - 2011-08-15 19:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2011-08-17 15:48 - 2011-08-17 15:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-08-15 19:15 - 2011-08-15 19:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 15:48 - 2011-08-17 15:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2012-04-16 10:37 - 2012-04-16 10:37 - 00071680 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ServiceManagerStarter.dll
2011-08-15 18:23 - 2011-08-15 18:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2011-08-15 19:12 - 2011-08-15 19:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2012-04-16 10:42 - 2012-04-16 10:42 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-17 15:41 - 2011-08-17 15:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2012-04-16 10:41 - 2012-04-16 10:41 - 00484864 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2012-04-16 10:56 - 2012-04-16 10:56 - 00500032 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-04-16 10:38 - 2012-04-16 10:38 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2011-07-19 15:05 - 2011-07-19 15:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2011-08-15 19:17 - 2011-08-15 19:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2011-07-19 15:04 - 2011-07-19 15:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
2015-02-06 09:17 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 09:17 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2014-03-21 11:04 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebscw.dll
2014-03-21 11:04 - 2009-05-27 07:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdatr.dll
2014-03-21 11:04 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebDRS.dll
2014-03-21 11:04 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcaps.dll
2014-03-21 11:05 - 2009-02-20 03:48 - 00381440 _____ () C:\WINDOWS\SYSTEM32\lxebsm.dll
2014-03-21 11:05 - 2009-04-28 02:56 - 00024064 _____ () C:\WINDOWS\system32\lxebsmr.dll
2014-03-21 11:04 - 2010-04-05 05:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epwizard.DLL
2014-03-21 11:04 - 2010-04-05 05:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\customui.dll
2014-03-21 11:04 - 2010-04-05 05:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Eputil.DLL
2014-03-21 11:04 - 2010-04-05 05:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epfunct.DLL
2014-03-21 11:04 - 2010-04-05 05:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Imagutil.DLL
2014-03-21 11:04 - 2010-04-05 05:56 - 02203803 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPWizRes.dll
2014-03-21 11:04 - 2010-04-05 05:56 - 00045221 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\epstring.dll
2014-03-21 11:04 - 2010-04-05 05:56 - 00094359 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPOEMDll.dll
2014-03-21 11:04 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\iptk.dll
2014-03-21 11:04 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebptp.dll
2014-08-22 09:38 - 2014-08-22 09:38 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2014-08-22 09:38 - 2014-08-22 09:38 - 00087416 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2014-08-22 09:38 - 2014-08-22 09:38 - 00398712 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2013-12-13 09:23 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-21 18:36 - 2005-01-04 17:05 - 00028672 ____N () C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2014-05-08 15:59 - 2014-05-05 09:37 - 00049744 _____ () C:\Users\KLSK~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-05-13 19:11 - 2014-06-04 10:21 - 00571904 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-05-13 19:11 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-02-06 09:17 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\WoJa\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Wolfgang\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\Control Panel\Desktop\\Wallpaper ->

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\StartupApproved\Run: => "Avanquest message"

==================== Accounts: =============================

Administrator (S-1-5-21-3381209366-1052480604-4067403755-500 - Administrator - Disabled)
Gast (S-1-5-21-3381209366-1052480604-4067403755-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3381209366-1052480604-4067403755-1007 - Limited - Enabled)
K L S K (S-1-5-21-3381209366-1052480604-4067403755-1008 - Administrator - Enabled) => C:\Users\K L S K
WoJa (S-1-5-21-3381209366-1052480604-4067403755-1005 - Limited - Enabled) => C:\Users\WoJa
Wolfgang (S-1-5-21-3381209366-1052480604-4067403755-1001 - Administrator - Enabled) => C:\Users\Wolfgang

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2015 11:28:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17284 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: dc4

Startzeit: 01d04433f8dc6920

Endzeit: 0

Anwendungspfad: C:\WINDOWS\Explorer.EXE

Berichts-ID: 43c568f5-b046-11e4-bf0f-dc85de86b96e

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/06/2015 09:10:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.3.9600.17284 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 934

Startzeit: 01d041e3a8d6651a

Endzeit: 31

Anwendungspfad: C:\WINDOWS\explorer.exe

Berichts-ID: 94e86d51-add7-11e4-bf0f-dc85de86b96e

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/03/2015 00:18:56 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "\\?\Volume{a439f205-8c97-4aa9-8782-5361c10f7ecc}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (01/31/2015 00:35:33 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "\\?\Volume{a439f205-8c97-4aa9-8782-5361c10f7ecc}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (01/31/2015 11:34:36 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: WoJa-Win-8_PC)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.

Error: (01/31/2015 11:34:36 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: WoJa-Win-8_PC)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.

Error: (01/31/2015 11:34:36 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: WoJa-Win-8_PC)
Description: Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigtes lokales Profil.

 Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (01/31/2015 11:34:36 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht.

 Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
 for C:\Users\K L S K\ntuser.dat

Error: (01/30/2015 08:22:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: WoJa-Win-8_PC)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.

Error: (01/30/2015 08:22:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: WoJa-Win-8_PC)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.


System errors:
=============
Error: (02/09/2015 07:12:02 PM) (Source: DCOM) (EventID: 10010) (User: WoJa-Win-8_PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/09/2015 07:12:02 PM) (Source: DCOM) (EventID: 10010) (User: WoJa-Win-8_PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/09/2015 07:12:00 PM) (Source: DCOM) (EventID: 10010) (User: WoJa-Win-8_PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/09/2015 07:12:00 PM) (Source: DCOM) (EventID: 10010) (User: WoJa-Win-8_PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/09/2015 07:02:40 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR25 gefunden.

Error: (02/09/2015 11:36:58 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "G:" können nicht gelesen werden.

Error: (02/09/2015 11:25:26 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR14 gefunden.

Error: (02/08/2015 05:22:00 PM) (Source: DCOM) (EventID: 10010) (User: WoJa-Win-8_PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/08/2015 05:22:00 PM) (Source: DCOM) (EventID: 10010) (User: WoJa-Win-8_PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/08/2015 08:05:09 AM) (Source: DCOM) (EventID: 10010) (User: WoJa-Win-8_PC)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}


Microsoft Office Sessions:
=========================
Error: (02/09/2015 11:28:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.17284dc401d04433f8dc69200C:\WINDOWS\Explorer.EXE43c568f5-b046-11e4-bf0f-dc85de86b96e

Error: (02/06/2015 09:10:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.3.9600.1728493401d041e3a8d6651a31C:\WINDOWS\explorer.exe94e86d51-add7-11e4-bf0f-dc85de86b96e

Error: (02/03/2015 00:18:56 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{a439f205-8c97-4aa9-8782-5361c10f7ecc}\Falscher Parameter. (0x80070057)

Error: (01/31/2015 00:35:33 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{a439f205-8c97-4aa9-8782-5361c10f7ecc}\Falscher Parameter. (0x80070057)

Error: (01/31/2015 11:34:36 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: WoJa-Win-8_PC)
Description:

Error: (01/31/2015 11:34:36 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: WoJa-Win-8_PC)
Description:

Error: (01/31/2015 11:34:36 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: WoJa-Win-8_PC)
Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (01/31/2015 11:34:36 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
C:\Users\K L S K\ntuser.dat

Error: (01/30/2015 08:22:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: WoJa-Win-8_PC)
Description:

Error: (01/30/2015 08:22:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: WoJa-Win-8_PC)
Description:


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 27%
Total physical RAM: 8075 MB
Available physical RAM: 5882.98 MB
Total Pagefile: 9355 MB
Available Pagefile: 6846.57 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:229.8 GB) (Free:107.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 5AA31459)

Partition: GPT Partition Type.

==================== End Of Log ============================

Aneri 09.02.2015 19:25
Hi,

Zitat:
Ran by K L S K (administrator) on WOJA-WIN-8_PC on 09-02-2015 19:16:29
Running from C:\Users\K L S K\Downloads
wieder nicht vom DEsktop, aber nun gut ...

Schritt 1:
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:
    FixMyRegistry
    Snap.Do Engine

  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 



Schritt 2:
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 3:

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



Schritt 4:

erstelle ein neues FRST Logfile und poste es hier

Corsipo 09.02.2015 20:26
Scans die Nächste
 
Hallo Aneri,

ich hoffe, dass ich jetzt alles richtig gemacht habe. Alle Einträge kommen jetzt vom Desktop:

1) adw

Code:
# AdwCleaner v4.110 - Bericht erstellt 09/02/2015 um 19:46:25
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-08.1 [Server]
# Betriebssystem : Windows 8.1 Pro  (x64)
# Benutzername : K L S K - WOJA-WIN-8_PC
# Gestarted von : C:\Users\K L S K\Desktop\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : BackupStack
Dienst Gelöscht : Service Mgr PositiveFinds
Dienst Gelöscht : Update Mgr PositiveFinds

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\SmartTweak
Ordner Gelöscht : C:\Program Files (x86)\Positive Finds
Ordner Gelöscht : C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
Ordner Gelöscht : C:\Users\K L S K\AppData\LocalLow\Smartbar
Ordner Gelöscht : C:\Users\K L S K\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\K L S K\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\K L S K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Ordner Gelöscht : C:\Users\K L S K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\K L S K\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Users\K L S K\Favorites\Links\Startfenster.lnk
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\Users\K L S K\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\K L S K\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
Datei Gelöscht : C:\Users\K L S K\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\K L S K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gelöscht : C:\Users\K L S K\Desktop\MyPC Backup.lnk
Datei Gelöscht : C:\Users\K L S K\Desktop\Startfenster.lnk
Datei Gelöscht : C:\Users\K L S K\Desktop\Sync Folder.lnk
Datei Gelöscht : C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\user.js

***** [ Geplante Tasks ] *****

Task Gelöscht : LaunchSignup

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\K L S K\Desktop\Search.lnk
Verknüpfung Desinfiziert : C:\Users\K L S K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30C85A3D-1D96-4589-B63F-91FB7EF45A41}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{50F60937-910A-4C05-8E36-FE4E299191CF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{63C63464-1423-4FDB-BA5D-6F75F491C63E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30C85A3D-1D96-4589-B63F-91FB7EF45A41}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{50F60937-910A-4C05-8E36-FE4E299191CF}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EBCCD0A8-AB24-4C44-930F-1E4AC4FEE46E}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\smarttweak
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\PositiveFinds
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Positive Finds
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0.1 (x86 de)

[xciieqrs.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
[xciieqrs.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
[xciieqrs.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
[xciieqrs.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[xciieqrs.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.Visibility", false);
[xciieqrs.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1402820686");
[xciieqrs.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1402812545118");
[rzup2k9o.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
[rzup2k9o.default\prefs.js] - Zeile Gelöscht : user_pref("om.sssData", "{\"relatedKeywords\":{},\"OD-37_context\":{\"keywordGroups\":[],\"currentGroup\":-1,\"currentKeyword\":0,\"keywordsLeft\":0,\"impressionsLeft\":0},\"OD-43_context\":{\"keyword[...]
[c4vbr7up.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultenginename", "Conduit Search");
[c4vbr7up.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
[c4vbr7up.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");

-\\ Google Chrome v40.0.2214.111

[C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=120519&tt=220413_www&babsrc=SP_ss&mntrId=CED5701A04D77573
[C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://startsear.ch/?aff=1&src=sp&cf=be0d7cad-2044-11e1-909d-0026b9209f54&q={searchTerms}

*************************

AdwCleaner[R0].txt - [8611 Bytes] - [09/02/2015 19:44:59]
AdwCleaner[S0].txt - [8478 Bytes] - [09/02/2015 19:46:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8537  Bytes] ##########
2) JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 Pro x64
Ran by K L S K on 09.02.2015 at 19:52:01,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.02.2015 at 19:53:54,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3) FRST


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by K L S K (administrator) on WOJA-WIN-8_PC on 09-02-2015 19:54:26
Running from C:\Users\K L S K\Desktop
Loaded Profiles: K L S K (Available profiles: Wolfgang & WoJa & K L S K)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\MyWiMax.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
( ) C:\Windows\SysWOW64\lxebcoms.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM\...\Run: [lxebmon.exe] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe [772712 2013-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe [150264 2013-01-23] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [ATLauncher] => C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe [488120 2012-08-08] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-10-22] (CyberLink Corp.)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2006-11-29] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SHIWebOnDiskManager] => C:\Program Files (x86)\SHIWebOnDiskManager\SHIWebOnDiskManager.exe [245760 2013-09-03] (SHI Elektronische Medien GmbH)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => "E:\KeePass Password Safe 2\KeePass.exe" --preload
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-08-22] (TomTom)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Run: [Avanquest message] => C:\Program Files (x86)\Avanquest\Avanquest message\AQNotif.exe [361272 2015-01-23] (Avanquest Software)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
Startup: C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\K L S K\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar517.lnk
ShortcutTarget: Sidebar517.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
Startup: C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53928;https=127.0.0.1:53928
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default
FF SearchEngineOrder.1: SuchMaschine
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\searchplugins\google-maps.xml
FF Extension: Download videos and MP3s from YouTube - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-24]
FF Extension: Snap.Do  - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{d58e9cf5-f32e-9415-c1f8-6970b588f790} [2014-06-15]
FF Extension: Cliqz Beta - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\cliqz@cliqz.com.xpi [2014-11-15]
FF Extension: Positive Finds - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{7084813e-70d5-4251-9d2b-03bda4f44792}.xpi [2015-02-09]
FF HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\extensions\cliqz@cliqz.com
FF HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-24]

Chrome:
=======
CHR Profile: C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-22]
CHR Extension: (Google Docs) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-22]
CHR Extension: (Google Drive) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-07]
CHR Extension: (YouTube) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-22]
CHR Extension: (Google-Suche) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-22]
CHR Extension: (Google Tabellen) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-22]
CHR Extension: (Google Wallet) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-22]
CHR Extension: (Google Mail) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-11-18] (Ellora Assets Corp.) [File not signed]
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2013-05-08] (Realsil Microelectronics Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-09-18] (Intel Corporation)
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [668984 2013-04-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-18] (Intel Corporation)
S2 lxebCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S3 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [219832 2012-06-17] (McAfee, Inc.)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2013-04-24] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 Pcan_usb; C:\Windows\System32\drivers\PCAN_USB.SYS [100864 2012-01-24] (PEAK-System Technik GmbH, Darmstadt, Germany)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 19:53 - 2015-02-09 19:53 - 00000620 _____ () C:\Users\K L S K\Desktop\JRT.txt
2015-02-09 19:50 - 2015-02-09 19:50 - 01388274 _____ (Thisisu) C:\Users\K L S K\Desktop\JRT.exe
2015-02-09 19:47 - 2015-02-09 19:47 - 00008673 _____ () C:\Users\K L S K\Desktop\AdwCleaner[S0].txt
2015-02-09 19:46 - 2015-02-09 19:46 - 00001142 _____ () C:\WINDOWS\PFRO.log
2015-02-09 19:44 - 2015-02-09 19:46 - 00000000 ____D () C:\AdwCleaner
2015-02-09 19:44 - 2015-02-09 19:44 - 02112512 _____ () C:\Users\K L S K\Desktop\AdwCleaner_4.110.exe
2015-02-09 19:35 - 2015-02-09 19:35 - 00001291 _____ () C:\Users\K L S K\Desktop\Revo Uninstaller.lnk
2015-02-09 19:35 - 2015-02-09 19:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-09 19:34 - 2015-02-09 19:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\K L S K\Downloads\revosetup95.exe
2015-02-09 19:18 - 2015-02-09 19:54 - 00022338 _____ () C:\Users\K L S K\Desktop\FRST.txt
2015-02-09 19:16 - 2015-02-09 19:17 - 00043824 _____ () C:\Users\K L S K\Downloads\FRST.txt
2015-02-09 19:16 - 2015-02-09 19:17 - 00036731 _____ () C:\Users\K L S K\Downloads\Addition.txt
2015-02-09 19:15 - 2015-02-09 19:15 - 02132992 _____ (Farbar) C:\Users\K L S K\Desktop\FRST64.exe
2015-02-09 18:38 - 2015-02-09 19:54 - 00000000 ____D () C:\FRST
2015-02-09 18:38 - 2015-02-09 18:39 - 00045314 _____ () C:\Users\WoJa\Downloads\FRST.txt
2015-02-09 18:38 - 2015-02-09 18:38 - 00024874 _____ () C:\Users\WoJa\Downloads\Addition.txt
2015-02-09 18:36 - 2015-02-09 18:37 - 02132992 _____ (Farbar) C:\Users\WoJa\Downloads\FRST64.exe
2015-02-09 12:24 - 2015-02-09 12:53 - 00000000 ____D () C:\Users\WoJa\Desktop\Video
2015-02-09 12:22 - 2015-02-09 12:22 - 00000000 ____D () C:\Users\WoJa\Documents\Any Video Converter
2015-02-09 12:22 - 2015-02-09 12:22 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\Anvsoft
2015-02-09 12:20 - 2015-02-09 12:21 - 33703656 _____ (Any-Video-Converter.com ) C:\Users\WoJa\Downloads\avc-577free.exe
2015-02-09 12:14 - 2015-02-09 12:15 - 00000000 ____D () C:\Users\WoJa\Desktop\Polizeihubschrauber_mit_Norbert_2014
2015-02-08 12:12 - 2015-02-08 12:12 - 00055311 _____ () C:\Users\WoJa\Desktop\default.html
2015-02-08 08:48 - 2015-02-08 08:48 - 00000000 ____D () C:\Users\WoJa\AppData\Local\IsolatedStorage
2015-02-08 08:31 - 2015-02-08 09:52 - 00000000 ____D () C:\Users\WoJa\Desktop\Bearbeitung
2015-02-07 15:29 - 2015-02-09 19:46 - 00004706 _____ () C:\WINDOWS\setupact.log
2015-02-07 15:29 - 2015-02-07 15:29 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-07 13:09 - 2015-02-07 13:09 - 00001880 _____ () C:\Users\K L S K\Desktop\UseNeXT by Tangysoft.lnk
2015-02-07 13:09 - 2015-02-07 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2015-02-07 13:09 - 2015-02-07 13:09 - 00000000 ____D () C:\Program Files (x86)\UseNeXT
2015-02-07 13:04 - 2015-02-07 13:04 - 00002776 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-02-07 13:04 - 2015-02-07 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-07 13:04 - 2015-02-07 13:04 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-07 13:03 - 2015-02-07 13:03 - 04196968 _____ (Piriform Ltd) C:\Users\K L S K\Downloads\ccsetup502_slim.exe
2015-02-07 12:55 - 2015-02-07 12:55 - 05270008 _____ (Tangysoft Ltd. ) C:\Users\WoJa\Downloads\UseNeXTSetup_5.64(1).exe
2015-02-07 12:35 - 2015-02-07 12:35 - 00000000 __SHD () C:\Users\WoJa\AppData\Local\EmieBrowserModeList
2015-02-06 19:52 - 2015-02-06 19:52 - 00000000 ____D () C:\Program Files (x86)\Avanquest update
2015-02-03 17:48 - 2015-02-04 12:09 - 00000581 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-02-03 17:44 - 2015-02-03 17:44 - 02536151 _____ (Dominik Reichl ) C:\Users\WoJa\Downloads\KeePass-2.28-Setup.exe
2015-01-28 16:37 - 2015-01-28 16:37 - 05270008 _____ (Tangysoft Ltd. ) C:\Users\WoJa\Downloads\UseNeXTSetup_5.64.exe
2015-01-28 09:04 - 2015-01-28 09:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 08:51 - 2015-01-28 08:51 - 03980064 _____ (TeamViewer) C:\Users\WoJa\Downloads\teamviewer.exe
2015-01-27 10:52 - 2015-01-27 11:03 - 00104145 _____ () C:\Users\WoJa\Desktop\Wiegeprotokoll_3_3_7.xlsx
2015-01-26 20:49 - 2015-01-26 20:49 - 00000000 ___SD () C:\Users\WoJa\Documents\Meine Datenquellen
2015-01-25 17:38 - 2015-02-08 08:48 - 00000000 ____D () C:\Users\WoJa\AppData\Local\Photo Explosion
2015-01-25 17:38 - 2015-01-25 17:38 - 00000125 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-25 16:56 - 2015-01-25 16:56 - 01525048 _____ (Avanquest Software) C:\Users\WoJa\Downloads\InPixioPhotoFocus3.0_DM.exe
2015-01-25 16:36 - 2015-01-25 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avanquest
2015-01-25 16:32 - 2015-01-25 16:35 - 86216328 _____ (Avanquest Software) C:\Users\WoJa\Downloads\Ausschneiden_2.0.3.exe
2015-01-25 16:28 - 2015-02-06 19:54 - 00000000 ____D () C:\Users\K L S K\AppData\Local\Avanquest
2015-01-25 16:26 - 2015-01-25 16:28 - 00000000 ____D () C:\Users\K L S K\AppData\Local\NGPR
2015-01-25 16:26 - 2015-01-25 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InPixio Photo Maximizer
2015-01-25 16:26 - 2015-01-25 16:26 - 00000000 ____D () C:\Program Files (x86)\InPixio Photo Maximizer
2015-01-25 16:15 - 2015-02-07 11:56 - 00000000 ____D () C:\Users\WoJa\AppData\Local\NGPR
2015-01-25 16:15 - 2015-01-25 17:39 - 00000000 ____D () C:\Users\WoJa\AppData\Local\Avanquest
2015-01-25 16:14 - 2015-02-06 19:52 - 00000000 ____D () C:\ProgramData\Avanquest
2015-01-25 16:14 - 2015-01-25 16:58 - 00000000 ____D () C:\Users\Public\Documents\Avanquest Software
2015-01-25 16:14 - 2015-01-25 16:58 - 00000000 ____D () C:\ProgramData\Configuration
2015-01-25 16:14 - 2015-01-25 16:14 - 00000000 ____D () C:\ProgramData\Avanquest Software
2015-01-25 16:10 - 2015-01-25 17:12 - 00000000 ___RD () C:\Users\WoJa\Desktop\Fotobearbeitung
2015-01-25 16:08 - 2015-01-25 16:10 - 42955192 _____ (Avanquest Software) C:\Users\WoJa\Downloads\InPixio_Photo_Maximizer_MLT.exe
2015-01-25 15:35 - 2015-01-25 16:58 - 00000000 ____D () C:\Program Files (x86)\Avanquest
2015-01-25 15:35 - 2015-01-25 15:35 - 01841528 _____ (Avanquest Software) C:\Users\WoJa\Downloads\Foto-Software_Ausschneiden_DE_FT.exe
2015-01-25 14:54 - 2015-01-25 14:54 - 00000000 ____D () C:\ProgramData\PDFEditor
2015-01-25 14:54 - 2015-01-25 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-01-25 14:54 - 2014-12-16 21:10 - 00096328 _____ (Wondershare Software) C:\WINDOWS\system32\WSMonEditor.dll
2015-01-23 14:34 - 2015-01-23 14:34 - 00020992 _____ () C:\Users\WoJa\Desktop\7,49.ufo
2015-01-17 09:24 - 2015-01-17 09:27 - 00000000 ____D () C:\Users\WoJa\Desktop\Weiterb._GWS_01_2015
2015-01-16 08:25 - 2015-01-16 10:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-16 06:45 - 2015-02-09 13:23 - 00000000 ___RD () C:\Users\WoJa\Dropbox
2015-01-16 06:45 - 2015-01-16 06:45 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-16 06:44 - 2015-02-09 07:45 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\Dropbox
2015-01-16 06:44 - 2015-01-16 06:45 - 00000000 ____D () C:\Users\K L S K\AppData\Roaming\Dropbox
2015-01-16 06:43 - 2015-01-16 06:43 - 00324136 _____ (Dropbox, Inc.) C:\Users\WoJa\Downloads\DropboxInstaller.exe
2015-01-15 19:35 - 2015-01-15 19:35 - 00201803 _____ () C:\Users\WoJa\Downloads\Dropbox.zip
2015-01-15 19:31 - 2015-01-16 06:45 - 00000000 ____D () C:\Users\WoJa\Desktop\Gollmer
2015-01-14 11:06 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 11:06 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 11:06 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 11:06 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 11:06 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 11:06 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 11:06 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 11:06 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 11:06 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 11:06 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 11:06 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 11:06 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 11:06 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 11:06 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 11:06 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 11:06 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 11:06 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 11:06 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 11:06 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 11:06 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 11:06 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 11:06 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 11:06 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 11:06 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 17:15 - 2015-01-30 19:47 - 00000000 ____D () C:\Users\WoJa\Desktop\Schulter-OP

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 19:52 - 2014-05-08 16:04 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3381209366-1052480604-4067403755-1008
2015-02-09 19:52 - 2014-03-21 13:39 - 01796474 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-09 19:52 - 2013-11-14 08:26 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-09 19:52 - 2013-11-14 08:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-09 19:52 - 2013-11-14 08:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-09 19:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-09 19:48 - 2014-05-08 15:59 - 00000000 ____D () C:\Users\K L S K\Documents\Youcam
2015-02-09 19:47 - 2014-03-24 06:44 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 19:47 - 2014-03-21 14:19 - 00697753 _____ () C:\ProgramData\lxeb.log
2015-02-09 19:47 - 2014-03-21 11:05 - 00097752 _____ () C:\ProgramData\lxebscan.log
2015-02-09 19:47 - 2013-05-13 14:49 - 00003308 _____ () C:\WINDOWS\System32\Tasks\Intel® Rapid Start Technology Manager
2015-02-09 19:47 - 2013-05-13 13:44 - 00000868 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-02-09 19:46 - 2014-06-15 09:24 - 00001102 _____ () C:\Users\K L S K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-02-09 19:46 - 2014-06-15 09:24 - 00001072 _____ () C:\Users\K L S K\Desktop\Search.lnk
2015-02-09 19:46 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-09 19:46 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-09 19:21 - 2014-07-17 13:57 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-09 19:21 - 2014-03-24 06:44 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-09 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-09 13:55 - 2014-03-21 15:06 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{132EB2ED-B4C8-4356-953F-243BB0BA9D63}
2015-02-09 12:40 - 2014-03-21 14:27 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3381209366-1052480604-4067403755-1005
2015-02-09 12:22 - 2013-05-13 13:44 - 00000870 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-02-09 12:21 - 2014-06-15 20:07 - 00001226 _____ () C:\Users\K L S K\Desktop\Any Video Converter.lnk
2015-02-09 12:21 - 2014-06-15 20:07 - 00000000 ____D () C:\Users\K L S K\AppData\Roaming\AnvSoft
2015-02-09 11:07 - 2014-04-20 16:56 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\UseNeXT
2015-02-09 10:45 - 2014-05-15 15:47 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\vlc
2015-02-09 07:46 - 2014-03-21 14:23 - 00000000 ____D () C:\Users\WoJa\Documents\Youcam
2015-02-09 07:45 - 2014-03-31 16:06 - 00000000 ____D () C:\Users\WoJa\AppData\Local\FreePDF_XP
2015-02-09 07:45 - 2014-03-24 06:46 - 00000000 ___RD () C:\Users\WoJa\Google Drive
2015-02-09 07:45 - 2014-03-21 14:22 - 00000000 __RDO () C:\Users\WoJa\SkyDrive
2015-02-08 09:14 - 2014-03-22 16:21 - 02073600 ___SH () C:\Users\WoJa\Desktop\Thumbs.db
2015-02-07 13:50 - 2014-03-29 13:47 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\AIMP3
2015-02-07 13:04 - 2014-03-21 20:46 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-07 13:04 - 2014-03-21 13:33 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-07 12:31 - 2014-11-06 20:27 - 00000000 ____D () C:\Users\WoJa\Desktop\Spenner
2015-02-07 12:29 - 2014-04-29 12:40 - 00000000 ____D () C:\Users\WoJa\Documents\Outlook-Dateien
2015-02-07 11:52 - 2014-03-21 14:22 - 00000000 ____D () C:\Users\WoJa\AppData\Local\VirtualStore
2015-02-07 11:16 - 2014-03-24 06:44 - 00004118 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 11:16 - 2014-03-24 06:44 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-07 10:56 - 2014-11-27 06:16 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-02-07 10:56 - 2014-11-27 06:15 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-02-07 10:56 - 2014-11-27 06:15 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-02-07 10:56 - 2014-11-27 06:15 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-02-07 10:56 - 2014-11-27 06:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-07 10:56 - 2014-11-27 06:15 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-07 10:56 - 2014-09-27 07:20 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-07 10:55 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-02-06 19:52 - 2013-05-13 13:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-06 19:16 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-05 14:21 - 2014-07-17 13:57 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-04 12:11 - 2014-03-27 21:50 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\KeePass
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 11:39 - 2014-03-21 11:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-30 18:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-29 17:58 - 2014-05-16 20:33 - 00000000 ___RD () C:\Users\WoJa\Desktop\Schulungen
2015-01-28 14:17 - 2014-03-24 06:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-28 08:51 - 2014-09-22 19:10 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\TeamViewer
2015-01-27 15:36 - 2013-08-22 15:44 - 00511368 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-25 16:58 - 2014-03-27 20:28 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-23 11:24 - 2014-12-16 19:44 - 00000000 ____D () C:\Users\WoJa\Desktop\Steuern
2015-01-19 13:08 - 2013-12-13 10:38 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-19 13:05 - 2013-04-11 08:30 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-16 11:38 - 2014-03-21 11:06 - 00000000 ____D () C:\ProgramData\Lx_cats
2015-01-16 06:45 - 2014-03-21 13:37 - 00000000 ____D () C:\Users\WoJa

==================== Files in the root of some directories =======

2014-06-13 19:51 - 2014-06-13 19:51 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-03-21 11:09 - 2014-03-21 11:09 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-03-21 14:19 - 2015-02-09 19:47 - 0697753 _____ () C:\ProgramData\lxeb.log
2014-04-19 19:01 - 2014-07-02 10:19 - 0000309 _____ () C:\ProgramData\lxebDiagnostics.log
2014-03-21 11:08 - 2014-06-12 11:20 - 0097172 _____ () C:\ProgramData\lxebJSW.log
2014-03-21 11:05 - 2015-02-09 19:47 - 0097752 _____ () C:\ProgramData\lxebscan.log
2015-01-25 17:38 - 2015-01-25 17:38 - 0000125 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-03-21 11:04 - 2014-03-21 11:04 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
2013-12-13 09:24 - 2013-12-13 09:25 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-12-13 09:22 - 2013-12-13 09:23 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-12-13 09:23 - 2013-12-13 09:24 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some content of TEMP:
====================
C:\Users\K L S K\AppData\Local\Temp\avgnt.exe
C:\Users\K L S K\AppData\Local\Temp\MyPcBackup.exe
C:\Users\K L S K\AppData\Local\Temp\OnlineBackup.exe
C:\Users\K L S K\AppData\Local\Temp\Quarantine.exe
C:\Users\K L S K\AppData\Local\Temp\sqlite3.dll
C:\Users\K L S K\AppData\Local\Temp\vcredist_x64.exe
C:\Users\WoJa\AppData\Local\Temp\avgnt.exe
C:\Users\WoJa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpblsutq.dll
C:\Users\Wolfgang\AppData\Local\Temp\avgnt.exe
C:\Users\Wolfgang\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 12:35

==================== End Of Log ============================
--- --- ---

--- --- ---


4) falls erforderlich Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by K L S K at 2015-02-09 19:54:52
Running from C:\Users\K L S K\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

8GadgetPack (HKLM-x32\...\{32A7C3B0-E5C3-4913-B1F2-49FE860FAA5E}) (Version: 11.0.0 - Helmut Buhler)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1345, 26.03.2014 - AIMP DevTeam)
Any Video Converter 5.7.7 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avanquest message (HKLM-x32\...\{20573C69-4A68-4BEF-A23D-365CB66924CD}) (Version: 1.03.0 - Avanquest Software)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
Avira (HKLM-x32\...\{70a79d1f-686d-4d5c-962b-07aa1294eae0}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2219 - CyberLink Corp.)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.3.20141106 - Landesfinanzdirektion Thüringen)
Free FLV Converter V 7.6.1 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.1.0 - Koyote Lab Inc.)
Free YouTube Download version 3.2.49.1111 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1111 - DVDVideoSoft Ltd.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HAENNI EC 200 - 2.5.1 (HKLM-x32\...\"EC 200"_is1) (Version:  - HAENNI Instruments Inc.)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
InPixio Photo (HKLM-x32\...\{5F0C0CD8-77B1-4C3E-9F01-5AF10D85DBB4}) (Version: 6.03.0 - Avanquest Software)
InPixio Photo Focus (HKLM-x32\...\{D7DF4A1C-F5CD-49F6-927E-12E6A8EF4174}) (Version: 3.01.0 - Avanquest Software)
InPixio Photo Maximizer (HKLM-x32\...\{33DB8C17-40C9-4629-B6D4-05A4C7E8AA86}) (Version: 2.0.25799 - Avanquest Software)
InstaCards (HKLM-x32\...\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}) (Version: 1.5.0 - Avanquest Software)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1008 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
LasiBe 4.40 (HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\LasiBe 4.40) (Version:  - )
Lexmark Pro200-S500 Series (HKLM\...\Lexmark Pro200-S500 Series) (Version:  - Lexmark International, Inc.)
LVP v4.0 (HKLM-x32\...\LVP v4.0) (Version: 4.0 - )
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Image Composer 1.5 (HKLM-x32\...\Image Composer) (Version:  - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MyDriveConnect 3.3.0.1756 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1756 - TomTom)
PEAK OEM-Treiber (HKLM-x32\...\PEAK OEM-Treiber) (Version: 3.8.02.10146 - PEAK-System Technik GmbH)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0069 - Pegatron Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Ihr Firmenname)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30143 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.0 - Synaptics Incorporated)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Ulead PhotoImpact 12 (HKLM-x32\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
UnderCoverXP 1.23 (HKLM-x32\...\UnderCoverXP_is1) (Version:  - Wicked & Wild Inc.)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WEKA Ladungssicherung in der Praxis September 2013 (HKLM-x32\...\WEKA LADUNGSSICHERUNG IN DER PRAXIS SEPTEMBER 2013) (Version: September 2013 - WEKA)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/18/2013 2.08.28) (HKLM\...\9E24492CE9279512BD465F61DB8523641BB7BBFC) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/18/2013 2.08.28) (HKLM\...\E61B77ECE57113AE1CA028BC7A8AD6C137BD13DD) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WISO EÜR & Kasse 2014 (HKLM-x32\...\{50320153-AE64-4CBB-B5FC-73C5C22B545D}) (Version: 21.01.8499 - Buhl Data Service GmbH)
WISO EÜR & Kasse 2015 (HKLM-x32\...\{A6981B8B-FDEF-4BB4-917D-1CFFACEA241F}) (Version: 22.01.8841 - Buhl Data Service GmbH)
Wondershare PDFelement(Build 4.0.0) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 4.0.0.3 - Wondershare Software Co.,Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

25-01-2015 16:37:04 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
06-02-2015 19:15:55 Windows Update
09-02-2015 19:37:28 Revo Uninstaller's restore point - FixMyRegistry

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {25E4C798-8ED2-4AC2-BF5F-C3ABBC36E959} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {43C3E3D9-92ED-4486-87AE-F6C41D86BDF7} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {49B4EFB6-69F8-4C66-BDD2-4BD5E3F9E17C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-24] (Google Inc.)
Task: {57420711-F41A-44C7-AC02-834F46003FCB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {83EF02B9-22D8-4AFA-BAEC-B3BDD726B01A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-19] (Microsoft Corporation)
Task: {8613D1F3-EBB8-421F-BC49-F4D0E3944D59} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-04-24] (Intel)
Task: {93DA1BCF-B87D-466A-8D8E-3F78CC7EB3E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-24] (Google Inc.)
Task: {AB7CEB29-C0D5-437D-948B-DD9DB8942ECC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FA7A8119-A10A-4E8B-AC6F-1C80BCB65D41} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2013-05-13 14:15 - 2009-12-18 14:40 - 00104968 _____ () C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
2013-05-13 14:15 - 2011-10-13 13:38 - 00156672 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2014-03-21 20:28 - 2012-06-21 07:25 - 00113152 _____ () C:\WINDOWS\System32\redmon64.dll
2014-03-21 11:05 - 2009-11-04 08:17 - 00189440 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxebdrpp.dll
2013-05-13 14:15 - 2012-08-15 12:49 - 02603520 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2013-05-13 14:15 - 2010-01-12 16:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2013-05-13 14:15 - 2010-01-12 16:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2013-05-13 14:15 - 2010-12-17 13:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2013-05-13 14:15 - 2012-01-12 16:58 - 00552960 _____ () C:\Program Files (x86)\PHotkey\PVDesktop.exe
2013-05-13 14:15 - 2012-01-12 16:58 - 00477696 _____ () C:\Program Files (x86)\PHotkey\PVDAgent.exe
2013-05-13 14:15 - 2012-03-27 19:48 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2013-05-13 14:15 - 2012-08-08 17:10 - 07536128 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe
2014-01-25 02:22 - 2014-01-25 02:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-10 17:28 - 2012-08-10 17:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-10 17:23 - 2012-08-10 17:23 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2014-03-21 11:04 - 2013-01-23 13:29 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
2014-03-21 11:04 - 2013-01-23 13:29 - 00150264 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
2015-01-21 03:06 - 2015-01-21 03:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-05-05 09:37 - 2014-05-05 09:37 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-05-05 09:37 - 2014-05-05 09:37 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2011-08-15 19:12 - 2011-08-15 19:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2011-08-17 15:48 - 2011-08-17 15:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-08-15 19:15 - 2011-08-15 19:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 15:48 - 2011-08-17 15:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2012-04-16 10:37 - 2012-04-16 10:37 - 00071680 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ServiceManagerStarter.dll
2011-08-15 18:23 - 2011-08-15 18:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2011-08-15 19:12 - 2011-08-15 19:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2012-04-16 10:42 - 2012-04-16 10:42 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-17 15:41 - 2011-08-17 15:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2012-04-16 10:41 - 2012-04-16 10:41 - 00484864 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2012-04-16 10:56 - 2012-04-16 10:56 - 00500032 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-04-16 10:38 - 2012-04-16 10:38 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2013-05-13 14:15 - 2009-12-18 14:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2013-05-13 14:15 - 2009-12-18 14:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2014-03-21 11:04 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebscw.dll
2014-03-21 11:04 - 2009-05-27 07:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdatr.dll
2014-03-21 11:04 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebDRS.dll
2014-03-21 11:04 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcaps.dll
2014-03-21 11:05 - 2009-02-20 03:48 - 00381440 _____ () C:\WINDOWS\SYSTEM32\lxebsm.dll
2014-03-21 11:05 - 2009-04-28 02:56 - 00024064 _____ () C:\WINDOWS\system32\lxebsmr.dll
2014-03-21 11:04 - 2010-04-05 05:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epwizard.DLL
2014-03-21 11:04 - 2010-04-05 05:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\customui.dll
2014-03-21 11:04 - 2010-04-05 05:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Eputil.DLL
2014-03-21 11:04 - 2010-04-05 05:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epfunct.DLL
2014-03-21 11:04 - 2010-04-05 05:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Imagutil.DLL
2014-03-21 11:04 - 2010-04-05 05:56 - 02203803 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPWizRes.dll
2014-03-21 11:04 - 2010-04-05 05:56 - 00045221 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\epstring.dll
2014-03-21 11:04 - 2010-04-05 05:56 - 00094359 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPOEMDll.dll
2014-03-21 11:04 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\iptk.dll
2014-03-21 11:04 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebptp.dll
2014-08-22 09:38 - 2014-08-22 09:38 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2014-08-22 09:38 - 2014-08-22 09:38 - 00087416 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2014-08-22 09:38 - 2014-08-22 09:38 - 00398712 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2013-12-13 09:23 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-21 18:36 - 2005-01-04 17:05 - 00028672 ____N () C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2014-05-08 15:59 - 2014-05-05 09:37 - 00049744 _____ () C:\Users\KLSK~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-05-13 19:11 - 2014-06-04 10:21 - 00571904 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-05-13 19:11 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-10-18 09:57 - 2014-10-18 09:57 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\2133a50009fa3b357bfbd29a218be0f6\PSIClient.ni.dll
2013-05-13 13:44 - 2012-07-18 19:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\WoJa\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Wolfgang\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\Control Panel\Desktop\\Wallpaper ->

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\StartupApproved\Run: => "Avanquest message"

==================== Accounts: =============================

Administrator (S-1-5-21-3381209366-1052480604-4067403755-500 - Administrator - Disabled)
Gast (S-1-5-21-3381209366-1052480604-4067403755-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3381209366-1052480604-4067403755-1007 - Limited - Enabled)
K L S K (S-1-5-21-3381209366-1052480604-4067403755-1008 - Administrator - Enabled) => C:\Users\K L S K
WoJa (S-1-5-21-3381209366-1052480604-4067403755-1005 - Limited - Enabled) => C:\Users\WoJa
Wolfgang (S-1-5-21-3381209366-1052480604-4067403755-1001 - Administrator - Enabled) => C:\Users\Wolfgang

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 19%
Total physical RAM: 8075 MB
Available physical RAM: 6472.53 MB
Total Pagefile: 9355 MB
Available Pagefile: 7711.35 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:229.8 GB) (Free:106.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 5AA31459)

Partition: GPT Partition Type.

==================== End Of Log ============================


Bin ich, bzw.mein Rechner jetzt sauber?

Gruß,

Corsipo

Wohl doch noch nicht in Ordnung.

Jetzt zeigen sich die komischen pop ups auch im Adminkonto.....:heulen:


corsipo

Aneri 09.02.2015 20:40
Hi,

Schritt 1:

Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.



Schritt 2:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Schritt 3:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 4:

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

Corsipo 09.02.2015 23:40
weitere Scans
 
Hi,

hier die weiteren gewünschten Dateien:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2af4fa6bdac8554e87ef58c099c7e665
# engine=22386
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-09 10:15:30
# local_time=2015-02-09 11:15:30 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 12522 30198866 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7601204 29356304 0 0
# scanned=488608
# found=17
# cleaned=17
# scan_time=6963
sh=01DE189B14C4800A2BAB83E55B4E48C6AB41D20F ft=1 fh=7e80c3c8bbc85c06 vn="Variante von Win32/BrowseFox.AF evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.bak.vir"
sh=29F72316E7D6E164233FA312BBEC7A3A70BB2641 ft=1 fh=f8340978f860a190 vn="Variante von Win32/BrowseFox.AF evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe.vir"
sh=AAA623029121715DD514658EB72C344C182CE5D4 ft=1 fh=2063f527e15bc225 vn="Variante von MSIL/MyPCBackup.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\BackupStackUI.dll.vir"
sh=BAFC87AA0D99C347EA00A77BB09CE78915DF75E5 ft=1 fh=edcb43f436e617cd vn="MSIL/MyPCBackup.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\MyPC Backup.exe.vir"
sh=B064982D25187B6033F1CE381C3E631B76E14EE3 ft=1 fh=2285837253f0f8eb vn="Variante von Win32/BrowseFox.AF evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.bak.vir"
sh=F5CF5F9BAD6A6F705B8CF4C227F6FAB2D7857072 ft=1 fh=f7246aeac641a5af vn="Variante von Win32/BrowseFox.AF evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe.vir"
sh=D2CCD093F69B1E33D1F6EA5DC210ACECD698B5EE ft=1 fh=768d21deaa53690a vn="Variante von Win32/BrowseFox.AF evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\Plugin.exe.vir"
sh=BCFB8F7CEC44F164DFFA6924E0F730E65C03E861 ft=1 fh=7ec0c2f2bc566cd7 vn="Variante von Win32/BrowseFox.AF evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5bak\Plugin.exe.vir"
sh=C5AA96F17ED2B68CA4C839EA7394F4534B4F5C3F ft=1 fh=57a85fb4fd4bc01c vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=561249B34D97B2B2BC46BCD6123F67137BE6E30F ft=1 fh=958ee95189059e15 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\extensions\{d58e9cf5-f32e-9415-c1f8-6970b588f790}\components\SmartbarFireFoxRemotePlugin_25.dll"
sh=C4572103452CB2E459912D1C5F12F59066A50FA9 ft=1 fh=d0c221068451f4c6 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\extensions\{d58e9cf5-f32e-9415-c1f8-6970b588f790}\components\SmartbarFireFoxRemotePlugin_26.dll"
sh=8AF0B8395CA2B561C93D4704838FD4549F6D59DB ft=1 fh=7c4e70a6fcfc43b7 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\extensions\{d58e9cf5-f32e-9415-c1f8-6970b588f790}\components\SmartbarFireFoxRemotePlugin_27.dll"
sh=2B6CFCD7C81463D2544FDE96AD85BF6AA873379D ft=1 fh=6950e4890066eaa5 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\extensions\{d58e9cf5-f32e-9415-c1f8-6970b588f790}\components\SmartbarFireFoxRemotePlugin_28.dll"
sh=6EB1CCC67427C21F93B928D2FFDFD38C13637D68 ft=1 fh=34833efd3fe0ff41 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\extensions\{d58e9cf5-f32e-9415-c1f8-6970b588f790}\components\SmartbarFireFoxRemotePlugin_29.dll"
sh=C9A7CA3C06A8BD159C76E82BE3C0129DFAF370E2 ft=1 fh=c647e824ec6e2f74 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\extensions\{d58e9cf5-f32e-9415-c1f8-6970b588f790}\components\SmartbarFireFoxRemotePlugin_30.dll"
sh=2C7A9D43DB764A137323CE5F6660194E84E03C23 ft=1 fh=7b3803e1d77c40d0 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\WoJa\Downloads\Microsoft Expression Web - CHIP-Installer.exe"
sh=E79CE0DA43C79F2A4E48A4F4A02905DE783FBD16 ft=1 fh=a9eb553813c219ce vn="NSIS/StartPage.CC Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\WoJa\Downloads\vlc-2.1.4-win64.exe"


Code:
Results of screen317's Security Check version 0.99.96 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop     
Windows Defender 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 31 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Adobe Flash Player        16.0.0.305 
 Adobe Reader XI 
 Mozilla Firefox (35.0.1)
 Mozilla Thunderbird (31.4.0)
 Google Chrome (40.0.2214.111)
 Google Chrome (40.0.2214.94)
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 18.10.2014
Suchlauf-Zeit: 09:53:41
Logdatei: mbam.txt
Administrator: Nein

Version: 2.00.2.1012
Malware Datenbank: v2014.10.18.03
Rootkit Datenbank: v2014.10.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: WoJa

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 436688
Verstrichene Zeit: 19 Min, 22 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 1
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uy24NiqVsjTaQ8QzBK289Ru9AQSDWOxvdI-434tBBm5862AlbvFCCvfYI816d-6GFld-WXBYXX0cXY_EHPgvgMOwGIsh-kDEgtemIXxkzINdhD_zu-Tt0GDn9Z3naYTd5GoEGn4h2KqiYZVD1UQ,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uy24NiqVsjTaQ8QzBK289Ru9AQSDWOxvdI-434tBBm5862AlbvFCCvfYI816d-6GFld-WXBYXX0cXY_EHPgvgMOwGIsh-kDEgtemIXxkzINdhD_zu-Tt0GDn9Z3naYTd5GoEGn4h2KqiYZVD1UQ,,&q={searchTerms}),Ersetzt,[5dcef81e4e2e2511f61031e73acba957]

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)


Wie geht es weiter?

Gruß Corsipo

Aneri 09.02.2015 23:53
macht das System noch Probleme mit Werbung?

bitte ein neues FRST Logfile posten , dann mchen wir den Rest manuell.

Gute Nacht erstmal

Corsipo 10.02.2015 07:28
Hi Aneri,

guten Morgen.

Das System macht immer noch Probleme. Ich denke, es beschränkt sich auf den Firefox.

Hier die beiden Dateien nach dem FRST-Scan:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by K L S K (administrator) on WOJA-WIN-8_PC on 10-02-2015 07:22:46
Running from C:\Users\K L S K\Desktop
Loaded Profiles: K L S K (Available profiles: Wolfgang & WoJa & K L S K)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\MyWiMax.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
( ) C:\Windows\SysWOW64\lxebcoms.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\QueryAppBlock.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM\...\Run: [lxebmon.exe] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe [772712 2013-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe [150264 2013-01-23] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [ATLauncher] => C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe [488120 2012-08-08] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-10-22] (CyberLink Corp.)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2006-11-29] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SHIWebOnDiskManager] => C:\Program Files (x86)\SHIWebOnDiskManager\SHIWebOnDiskManager.exe [245760 2013-09-03] (SHI Elektronische Medien GmbH)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => "E:\KeePass Password Safe 2\KeePass.exe" --preload
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-08-22] (TomTom)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Run: [Avanquest message] => C:\Program Files (x86)\Avanquest\Avanquest message\AQNotif.exe [361272 2015-01-23] (Avanquest Software)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\RunOnce: [Adobe Speed Launcher] => 1423549146
Startup: C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\K L S K\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar122.lnk
ShortcutTarget: Sidebar122.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
Startup: C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53928;https=127.0.0.1:53928
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default
FF SearchEngineOrder.1: SuchMaschine
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\searchplugins\google-maps.xml
FF Extension: Download videos and MP3s from YouTube - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-24]
FF Extension: Snap.Do  - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{d58e9cf5-f32e-9415-c1f8-6970b588f790} [2014-06-15]
FF Extension: Cliqz Beta - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\cliqz@cliqz.com.xpi [2014-11-15]
FF Extension: Positive Finds - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{7084813e-70d5-4251-9d2b-03bda4f44792}.xpi [2015-02-09]
FF HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\extensions\cliqz@cliqz.com
FF HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-24]

Chrome:
=======
CHR Profile: C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-22]
CHR Extension: (Google Docs) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-22]
CHR Extension: (Google Drive) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-07]
CHR Extension: (YouTube) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-22]
CHR Extension: (Google-Suche) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-22]
CHR Extension: (Google Tabellen) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-22]
CHR Extension: (Google Wallet) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-22]
CHR Extension: (Google Mail) - C:\Users\K L S K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-11-18] (Ellora Assets Corp.) [File not signed]
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2013-05-08] (Realsil Microelectronics Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-09-18] (Intel Corporation)
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [668984 2013-04-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-18] (Intel Corporation)
S2 lxebCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S3 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [219832 2012-06-17] (McAfee, Inc.)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2013-04-24] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 Pcan_usb; C:\Windows\System32\drivers\PCAN_USB.SYS [100864 2012-01-24] (PEAK-System Technik GmbH, Darmstadt, Germany)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 07:22 - 2015-02-10 07:22 - 00022876 _____ () C:\Users\K L S K\Desktop\FRST.txt
2015-02-10 07:21 - 2015-02-10 07:21 - 02132992 _____ (Farbar) C:\Users\K L S K\Desktop\FRST64.exe
2015-02-09 20:56 - 2015-02-09 23:28 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 20:56 - 2015-02-09 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-09 20:56 - 2015-02-09 20:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-09 20:56 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-09 20:56 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-09 20:56 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-09 19:50 - 2015-02-09 19:50 - 01388274 _____ (Thisisu) C:\Users\K L S K\Desktop\JRT.exe
2015-02-09 19:47 - 2015-02-09 19:47 - 00008673 _____ () C:\Users\K L S K\Desktop\AdwCleaner[S0].txt
2015-02-09 19:46 - 2015-02-09 23:46 - 00002236 _____ () C:\WINDOWS\PFRO.log
2015-02-09 19:44 - 2015-02-09 19:46 - 00000000 ____D () C:\AdwCleaner
2015-02-09 19:35 - 2015-02-09 19:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-09 18:38 - 2015-02-10 07:22 - 00000000 ____D () C:\FRST
2015-02-09 18:38 - 2015-02-09 18:39 - 00045314 _____ () C:\Users\WoJa\Downloads\FRST.txt
2015-02-09 18:38 - 2015-02-09 18:38 - 00024874 _____ () C:\Users\WoJa\Downloads\Addition.txt
2015-02-09 18:36 - 2015-02-09 18:37 - 02132992 _____ (Farbar) C:\Users\WoJa\Downloads\FRST64.exe
2015-02-09 12:24 - 2015-02-09 12:53 - 00000000 ____D () C:\Users\WoJa\Desktop\Video
2015-02-09 12:22 - 2015-02-09 12:22 - 00000000 ____D () C:\Users\WoJa\Documents\Any Video Converter
2015-02-09 12:22 - 2015-02-09 12:22 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\Anvsoft
2015-02-09 12:20 - 2015-02-09 12:21 - 33703656 _____ (Any-Video-Converter.com ) C:\Users\WoJa\Downloads\avc-577free.exe
2015-02-09 12:14 - 2015-02-09 12:15 - 00000000 ____D () C:\Users\WoJa\Desktop\Polizeihubschrauber_mit_Norbert_2014
2015-02-08 12:12 - 2015-02-08 12:12 - 00055311 _____ () C:\Users\WoJa\Desktop\default.html
2015-02-08 08:48 - 2015-02-08 08:48 - 00000000 ____D () C:\Users\WoJa\AppData\Local\IsolatedStorage
2015-02-08 08:31 - 2015-02-08 09:52 - 00000000 ____D () C:\Users\WoJa\Desktop\Bearbeitung
2015-02-07 15:29 - 2015-02-10 07:15 - 00005553 _____ () C:\WINDOWS\setupact.log
2015-02-07 15:29 - 2015-02-07 15:29 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-07 13:09 - 2015-02-07 13:09 - 00001880 _____ () C:\Users\K L S K\Desktop\UseNeXT by Tangysoft.lnk
2015-02-07 13:09 - 2015-02-07 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2015-02-07 13:09 - 2015-02-07 13:09 - 00000000 ____D () C:\Program Files (x86)\UseNeXT
2015-02-07 13:04 - 2015-02-07 13:04 - 00002776 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-02-07 13:04 - 2015-02-07 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-07 13:04 - 2015-02-07 13:04 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-07 12:55 - 2015-02-07 12:55 - 05270008 _____ (Tangysoft Ltd. ) C:\Users\WoJa\Downloads\UseNeXTSetup_5.64(1).exe
2015-02-07 12:35 - 2015-02-07 12:35 - 00000000 __SHD () C:\Users\WoJa\AppData\Local\EmieBrowserModeList
2015-02-06 19:52 - 2015-02-06 19:52 - 00000000 ____D () C:\Program Files (x86)\Avanquest update
2015-02-03 17:48 - 2015-02-04 12:09 - 00000581 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-02-03 17:44 - 2015-02-03 17:44 - 02536151 _____ (Dominik Reichl ) C:\Users\WoJa\Downloads\KeePass-2.28-Setup.exe
2015-01-28 16:37 - 2015-01-28 16:37 - 05270008 _____ (Tangysoft Ltd. ) C:\Users\WoJa\Downloads\UseNeXTSetup_5.64.exe
2015-01-28 09:04 - 2015-01-28 09:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 08:51 - 2015-01-28 08:51 - 03980064 _____ (TeamViewer) C:\Users\WoJa\Downloads\teamviewer.exe
2015-01-27 10:52 - 2015-01-27 11:03 - 00104145 _____ () C:\Users\WoJa\Desktop\Wiegeprotokoll_3_3_7.xlsx
2015-01-26 20:49 - 2015-01-26 20:49 - 00000000 ___SD () C:\Users\WoJa\Documents\Meine Datenquellen
2015-01-25 17:38 - 2015-02-08 08:48 - 00000000 ____D () C:\Users\WoJa\AppData\Local\Photo Explosion
2015-01-25 17:38 - 2015-01-25 17:38 - 00000125 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-25 16:56 - 2015-01-25 16:56 - 01525048 _____ (Avanquest Software) C:\Users\WoJa\Downloads\InPixioPhotoFocus3.0_DM.exe
2015-01-25 16:36 - 2015-01-25 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avanquest
2015-01-25 16:32 - 2015-01-25 16:35 - 86216328 _____ (Avanquest Software) C:\Users\WoJa\Downloads\Ausschneiden_2.0.3.exe
2015-01-25 16:28 - 2015-02-06 19:54 - 00000000 ____D () C:\Users\K L S K\AppData\Local\Avanquest
2015-01-25 16:26 - 2015-01-25 16:28 - 00000000 ____D () C:\Users\K L S K\AppData\Local\NGPR
2015-01-25 16:26 - 2015-01-25 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InPixio Photo Maximizer
2015-01-25 16:26 - 2015-01-25 16:26 - 00000000 ____D () C:\Program Files (x86)\InPixio Photo Maximizer
2015-01-25 16:15 - 2015-02-07 11:56 - 00000000 ____D () C:\Users\WoJa\AppData\Local\NGPR
2015-01-25 16:15 - 2015-01-25 17:39 - 00000000 ____D () C:\Users\WoJa\AppData\Local\Avanquest
2015-01-25 16:14 - 2015-02-06 19:52 - 00000000 ____D () C:\ProgramData\Avanquest
2015-01-25 16:14 - 2015-01-25 16:58 - 00000000 ____D () C:\Users\Public\Documents\Avanquest Software
2015-01-25 16:14 - 2015-01-25 16:58 - 00000000 ____D () C:\ProgramData\Configuration
2015-01-25 16:14 - 2015-01-25 16:14 - 00000000 ____D () C:\ProgramData\Avanquest Software
2015-01-25 16:10 - 2015-01-25 17:12 - 00000000 ___RD () C:\Users\WoJa\Desktop\Fotobearbeitung
2015-01-25 16:08 - 2015-01-25 16:10 - 42955192 _____ (Avanquest Software) C:\Users\WoJa\Downloads\InPixio_Photo_Maximizer_MLT.exe
2015-01-25 15:35 - 2015-01-25 16:58 - 00000000 ____D () C:\Program Files (x86)\Avanquest
2015-01-25 15:35 - 2015-01-25 15:35 - 01841528 _____ (Avanquest Software) C:\Users\WoJa\Downloads\Foto-Software_Ausschneiden_DE_FT.exe
2015-01-25 14:54 - 2015-01-25 14:54 - 00000000 ____D () C:\ProgramData\PDFEditor
2015-01-25 14:54 - 2015-01-25 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-01-25 14:54 - 2014-12-16 21:10 - 00096328 _____ (Wondershare Software) C:\WINDOWS\system32\WSMonEditor.dll
2015-01-23 14:34 - 2015-01-23 14:34 - 00020992 _____ () C:\Users\WoJa\Desktop\7,49.ufo
2015-01-17 09:24 - 2015-01-17 09:27 - 00000000 ____D () C:\Users\WoJa\Desktop\Weiterb._GWS_01_2015
2015-01-16 08:25 - 2015-01-16 10:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-16 06:45 - 2015-02-10 07:16 - 00000000 ___RD () C:\Users\WoJa\Dropbox
2015-01-16 06:45 - 2015-01-16 06:45 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-16 06:44 - 2015-02-10 07:16 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\Dropbox
2015-01-16 06:44 - 2015-01-16 06:45 - 00000000 ____D () C:\Users\K L S K\AppData\Roaming\Dropbox
2015-01-16 06:43 - 2015-01-16 06:43 - 00324136 _____ (Dropbox, Inc.) C:\Users\WoJa\Downloads\DropboxInstaller.exe
2015-01-15 19:35 - 2015-01-15 19:35 - 00201803 _____ () C:\Users\WoJa\Downloads\Dropbox.zip
2015-01-15 19:31 - 2015-01-16 06:45 - 00000000 ____D () C:\Users\WoJa\Desktop\Gollmer
2015-01-14 11:06 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 11:06 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 11:06 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 11:06 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 11:06 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 11:06 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 11:06 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 11:06 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 11:06 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 11:06 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 11:06 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 11:06 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 11:06 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 11:06 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 11:06 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 11:06 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 11:06 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 11:06 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 11:06 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 11:06 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 11:06 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 11:06 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 11:06 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 11:06 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 17:15 - 2015-01-30 19:47 - 00000000 ____D () C:\Users\WoJa\Desktop\Schulter-OP

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 07:21 - 2014-07-17 13:57 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-10 07:21 - 2014-03-24 06:44 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 07:19 - 2014-05-08 15:59 - 00000000 ____D () C:\Users\K L S K\Documents\Youcam
2015-02-10 07:19 - 2014-03-21 14:19 - 00698665 _____ () C:\ProgramData\lxeb.log
2015-02-10 07:19 - 2014-03-21 13:39 - 02065845 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-10 07:19 - 2014-03-21 11:05 - 00098632 _____ () C:\ProgramData\lxebscan.log
2015-02-10 07:18 - 2014-03-24 06:44 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-10 07:18 - 2013-05-13 14:49 - 00003308 _____ () C:\WINDOWS\System32\Tasks\Intel® Rapid Start Technology Manager
2015-02-10 07:18 - 2013-05-13 13:44 - 00000868 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-02-10 07:16 - 2014-03-31 16:06 - 00000000 ____D () C:\Users\WoJa\AppData\Local\FreePDF_XP
2015-02-10 07:16 - 2014-03-24 06:46 - 00000000 ___RD () C:\Users\WoJa\Google Drive
2015-02-10 07:16 - 2014-03-21 14:23 - 00000000 ____D () C:\Users\WoJa\Documents\Youcam
2015-02-10 07:16 - 2013-11-14 08:26 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-10 07:16 - 2013-11-14 08:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-10 07:16 - 2013-11-14 08:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-10 07:15 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-09 23:47 - 2014-03-21 14:22 - 00000000 __RDO () C:\Users\WoJa\SkyDrive
2015-02-09 23:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-09 23:46 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-09 23:46 - 2013-08-22 14:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-09 21:16 - 2014-05-08 16:04 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3381209366-1052480604-4067403755-1008
2015-02-09 20:07 - 2014-03-22 16:21 - 02073600 ___SH () C:\Users\WoJa\Desktop\Thumbs.db
2015-02-09 19:46 - 2014-06-15 09:24 - 00001102 _____ () C:\Users\K L S K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-02-09 19:46 - 2014-06-15 09:24 - 00001072 _____ () C:\Users\K L S K\Desktop\Search.lnk
2015-02-09 13:55 - 2014-03-21 15:06 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{132EB2ED-B4C8-4356-953F-243BB0BA9D63}
2015-02-09 12:40 - 2014-03-21 14:27 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3381209366-1052480604-4067403755-1005
2015-02-09 12:22 - 2013-05-13 13:44 - 00000870 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-02-09 12:21 - 2014-06-15 20:07 - 00001226 _____ () C:\Users\K L S K\Desktop\Any Video Converter.lnk
2015-02-09 12:21 - 2014-06-15 20:07 - 00000000 ____D () C:\Users\K L S K\AppData\Roaming\AnvSoft
2015-02-09 11:07 - 2014-04-20 16:56 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\UseNeXT
2015-02-09 10:45 - 2014-05-15 15:47 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\vlc
2015-02-07 13:50 - 2014-03-29 13:47 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\AIMP3
2015-02-07 13:04 - 2014-03-21 20:46 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-07 13:04 - 2014-03-21 13:33 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-07 12:31 - 2014-11-06 20:27 - 00000000 ____D () C:\Users\WoJa\Desktop\Spenner
2015-02-07 12:29 - 2014-04-29 12:40 - 00000000 ____D () C:\Users\WoJa\Documents\Outlook-Dateien
2015-02-07 11:52 - 2014-03-21 14:22 - 00000000 ____D () C:\Users\WoJa\AppData\Local\VirtualStore
2015-02-07 11:16 - 2014-03-24 06:44 - 00004118 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 11:16 - 2014-03-24 06:44 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-07 10:56 - 2014-11-27 06:16 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-02-07 10:56 - 2014-11-27 06:15 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-02-07 10:56 - 2014-11-27 06:15 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-02-07 10:56 - 2014-11-27 06:15 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-02-07 10:56 - 2014-11-27 06:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-07 10:56 - 2014-11-27 06:15 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-07 10:56 - 2014-09-27 07:20 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-07 10:55 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-02-06 19:52 - 2013-05-13 13:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-06 19:16 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-05 14:21 - 2014-07-17 13:57 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-04 12:11 - 2014-03-27 21:50 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\KeePass
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 11:39 - 2014-03-21 11:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-30 18:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-29 17:58 - 2014-05-16 20:33 - 00000000 ___RD () C:\Users\WoJa\Desktop\Schulungen
2015-01-28 14:17 - 2014-03-24 06:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-28 08:51 - 2014-09-22 19:10 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\TeamViewer
2015-01-27 15:36 - 2013-08-22 15:44 - 00511368 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-25 16:58 - 2014-03-27 20:28 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-23 11:24 - 2014-12-16 19:44 - 00000000 ____D () C:\Users\WoJa\Desktop\Steuern
2015-01-19 13:08 - 2013-12-13 10:38 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-19 13:05 - 2013-04-11 08:30 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-16 11:38 - 2014-03-21 11:06 - 00000000 ____D () C:\ProgramData\Lx_cats
2015-01-16 06:45 - 2014-03-21 13:37 - 00000000 ____D () C:\Users\WoJa

==================== Files in the root of some directories =======

2014-06-13 19:51 - 2014-06-13 19:51 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-03-21 11:09 - 2014-03-21 11:09 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-03-21 14:19 - 2015-02-10 07:19 - 0698665 _____ () C:\ProgramData\lxeb.log
2014-04-19 19:01 - 2014-07-02 10:19 - 0000309 _____ () C:\ProgramData\lxebDiagnostics.log
2014-03-21 11:08 - 2014-06-12 11:20 - 0097172 _____ () C:\ProgramData\lxebJSW.log
2014-03-21 11:05 - 2015-02-10 07:19 - 0098632 _____ () C:\ProgramData\lxebscan.log
2015-01-25 17:38 - 2015-01-25 17:38 - 0000125 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-03-21 11:04 - 2014-03-21 11:04 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
2013-12-13 09:24 - 2013-12-13 09:25 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-12-13 09:22 - 2013-12-13 09:23 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-12-13 09:23 - 2013-12-13 09:24 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some content of TEMP:
====================
C:\Users\K L S K\AppData\Local\Temp\avgnt.exe
C:\Users\WoJa\AppData\Local\Temp\avgnt.exe
C:\Users\WoJa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaoqlue.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 12:35

==================== End Of Log ============================
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by K L S K at 2015-02-10 07:23:12
Running from C:\Users\K L S K\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

8GadgetPack (HKLM-x32\...\{32A7C3B0-E5C3-4913-B1F2-49FE860FAA5E}) (Version: 11.0.0 - Helmut Buhler)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1345, 26.03.2014 - AIMP DevTeam)
Any Video Converter 5.7.7 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avanquest message (HKLM-x32\...\{20573C69-4A68-4BEF-A23D-365CB66924CD}) (Version: 1.03.0 - Avanquest Software)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
Avira (HKLM-x32\...\{70a79d1f-686d-4d5c-962b-07aa1294eae0}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2219 - CyberLink Corp.)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.3.20141106 - Landesfinanzdirektion Thüringen)
Free FLV Converter V 7.6.1 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.1.0 - Koyote Lab Inc.)
Free YouTube Download version 3.2.49.1111 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1111 - DVDVideoSoft Ltd.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HAENNI EC 200 - 2.5.1 (HKLM-x32\...\"EC 200"_is1) (Version:  - HAENNI Instruments Inc.)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
InPixio Photo (HKLM-x32\...\{5F0C0CD8-77B1-4C3E-9F01-5AF10D85DBB4}) (Version: 6.03.0 - Avanquest Software)
InPixio Photo Focus (HKLM-x32\...\{D7DF4A1C-F5CD-49F6-927E-12E6A8EF4174}) (Version: 3.01.0 - Avanquest Software)
InPixio Photo Maximizer (HKLM-x32\...\{33DB8C17-40C9-4629-B6D4-05A4C7E8AA86}) (Version: 2.0.25799 - Avanquest Software)
InstaCards (HKLM-x32\...\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}) (Version: 1.5.0 - Avanquest Software)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1008 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
LasiBe 4.40 (HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\LasiBe 4.40) (Version:  - )
Lexmark Pro200-S500 Series (HKLM\...\Lexmark Pro200-S500 Series) (Version:  - Lexmark International, Inc.)
LVP v4.0 (HKLM-x32\...\LVP v4.0) (Version: 4.0 - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Image Composer 1.5 (HKLM-x32\...\Image Composer) (Version:  - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MyDriveConnect 3.3.0.1756 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1756 - TomTom)
PEAK OEM-Treiber (HKLM-x32\...\PEAK OEM-Treiber) (Version: 3.8.02.10146 - PEAK-System Technik GmbH)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0069 - Pegatron Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Ihr Firmenname)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30143 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.0 - Synaptics Incorporated)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Ulead PhotoImpact 12 (HKLM-x32\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
UnderCoverXP 1.23 (HKLM-x32\...\UnderCoverXP_is1) (Version:  - Wicked & Wild Inc.)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WEKA Ladungssicherung in der Praxis September 2013 (HKLM-x32\...\WEKA LADUNGSSICHERUNG IN DER PRAXIS SEPTEMBER 2013) (Version: September 2013 - WEKA)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/18/2013 2.08.28) (HKLM\...\9E24492CE9279512BD465F61DB8523641BB7BBFC) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/18/2013 2.08.28) (HKLM\...\E61B77ECE57113AE1CA028BC7A8AD6C137BD13DD) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WISO EÜR & Kasse 2014 (HKLM-x32\...\{50320153-AE64-4CBB-B5FC-73C5C22B545D}) (Version: 21.01.8499 - Buhl Data Service GmbH)
WISO EÜR & Kasse 2015 (HKLM-x32\...\{A6981B8B-FDEF-4BB4-917D-1CFFACEA241F}) (Version: 22.01.8841 - Buhl Data Service GmbH)
Wondershare PDFelement(Build 4.0.0) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 4.0.0.3 - Wondershare Software Co.,Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3381209366-1052480604-4067403755-1008_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

25-01-2015 16:37:04 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
06-02-2015 19:15:55 Windows Update
09-02-2015 19:37:28 Revo Uninstaller's restore point - FixMyRegistry

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {25E4C798-8ED2-4AC2-BF5F-C3ABBC36E959} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {43C3E3D9-92ED-4486-87AE-F6C41D86BDF7} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {49B4EFB6-69F8-4C66-BDD2-4BD5E3F9E17C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-24] (Google Inc.)
Task: {57420711-F41A-44C7-AC02-834F46003FCB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {62EE0353-122D-4110-87DA-6A8DF44E26EE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-19] (Microsoft Corporation)
Task: {68FF4D25-CF87-4973-8688-65B93A3AD86B} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-04-24] (Intel)
Task: {93DA1BCF-B87D-466A-8D8E-3F78CC7EB3E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-24] (Google Inc.)
Task: {AB7CEB29-C0D5-437D-948B-DD9DB8942ECC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FA7A8119-A10A-4E8B-AC6F-1C80BCB65D41} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2013-05-13 14:15 - 2009-12-18 14:40 - 00104968 _____ () C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
2013-05-13 14:15 - 2011-10-13 13:38 - 00156672 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2014-03-21 20:28 - 2012-06-21 07:25 - 00113152 _____ () C:\WINDOWS\System32\redmon64.dll
2014-03-21 11:05 - 2009-11-04 08:17 - 00189440 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxebdrpp.dll
2013-05-13 14:15 - 2012-08-15 12:49 - 02603520 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2013-05-13 14:15 - 2010-01-12 16:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2013-05-13 14:15 - 2010-01-12 16:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2013-05-13 14:15 - 2010-12-17 13:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2013-05-13 14:15 - 2012-01-12 16:58 - 00552960 _____ () C:\Program Files (x86)\PHotkey\PVDesktop.exe
2013-05-13 14:15 - 2012-01-12 16:58 - 00477696 _____ () C:\Program Files (x86)\PHotkey\PVDAgent.exe
2012-04-16 13:45 - 2012-04-16 13:45 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2013-05-13 14:15 - 2012-03-27 19:48 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2013-05-13 14:15 - 2012-08-08 17:10 - 07536128 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe
2014-01-25 02:22 - 2014-01-25 02:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-10 17:28 - 2012-08-10 17:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-10 17:23 - 2012-08-10 17:23 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2014-03-21 11:04 - 2013-01-23 13:29 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
2014-03-21 11:04 - 2013-01-23 13:29 - 00150264 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
2015-01-21 03:06 - 2015-01-21 03:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-05-05 09:37 - 2014-05-05 09:37 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-05-05 09:37 - 2014-05-05 09:37 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-10-18 09:57 - 2014-10-18 09:57 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\2133a50009fa3b357bfbd29a218be0f6\PSIClient.ni.dll
2013-05-13 13:44 - 2012-07-18 19:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-05-13 14:15 - 2009-12-18 14:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2013-05-13 14:15 - 2009-12-18 14:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2011-08-15 19:12 - 2011-08-15 19:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2011-08-17 15:48 - 2011-08-17 15:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-08-15 19:15 - 2011-08-15 19:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 15:48 - 2011-08-17 15:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2012-04-16 10:37 - 2012-04-16 10:37 - 00071680 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ServiceManagerStarter.dll
2011-08-15 18:23 - 2011-08-15 18:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2011-08-15 19:12 - 2011-08-15 19:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2012-04-16 10:42 - 2012-04-16 10:42 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-17 15:41 - 2011-08-17 15:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2012-04-16 10:41 - 2012-04-16 10:41 - 00484864 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2012-04-16 10:56 - 2012-04-16 10:56 - 00500032 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-04-16 10:38 - 2012-04-16 10:38 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2011-07-19 15:05 - 2011-07-19 15:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2011-08-15 19:17 - 2011-08-15 19:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2011-07-19 15:04 - 2011-07-19 15:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
2015-02-06 09:17 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 09:17 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2014-03-21 11:04 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebscw.dll
2014-03-21 11:04 - 2009-05-27 07:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdatr.dll
2014-03-21 11:04 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebDRS.dll
2014-03-21 11:04 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcaps.dll
2014-03-21 11:05 - 2009-02-20 03:48 - 00381440 _____ () C:\WINDOWS\SYSTEM32\lxebsm.dll
2014-03-21 11:05 - 2009-04-28 02:56 - 00024064 _____ () C:\WINDOWS\system32\lxebsmr.dll
2014-03-21 11:04 - 2010-04-05 05:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epwizard.DLL
2014-03-21 11:04 - 2010-04-05 05:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\customui.dll
2014-03-21 11:04 - 2010-04-05 05:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Eputil.DLL
2014-03-21 11:04 - 2010-04-05 05:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epfunct.DLL
2014-03-21 11:04 - 2010-04-05 05:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Imagutil.DLL
2014-03-21 11:04 - 2010-04-05 05:56 - 02203803 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPWizRes.dll
2014-03-21 11:04 - 2010-04-05 05:56 - 00045221 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\epstring.dll
2014-03-21 11:04 - 2010-04-05 05:56 - 00094359 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPOEMDll.dll
2014-03-21 11:04 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\iptk.dll
2014-03-21 11:04 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebptp.dll
2014-08-22 09:38 - 2014-08-22 09:38 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2014-08-22 09:38 - 2014-08-22 09:38 - 00087416 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2014-08-22 09:38 - 2014-08-22 09:38 - 00398712 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2013-12-13 09:23 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-21 18:36 - 2005-01-04 17:05 - 00028672 ____N () C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2014-05-08 15:59 - 2014-05-05 09:37 - 00049744 _____ () C:\Users\KLSK~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-05-13 19:11 - 2014-06-04 10:21 - 00571904 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-05-13 19:11 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-02-06 09:17 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\WoJa\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Wolfgang\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\Control Panel\Desktop\\Wallpaper ->

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\StartupApproved\Run: => "Avanquest message"

==================== Accounts: =============================

Administrator (S-1-5-21-3381209366-1052480604-4067403755-500 - Administrator - Disabled)
Gast (S-1-5-21-3381209366-1052480604-4067403755-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3381209366-1052480604-4067403755-1007 - Limited - Enabled)
K L S K (S-1-5-21-3381209366-1052480604-4067403755-1008 - Administrator - Enabled) => C:\Users\K L S K
WoJa (S-1-5-21-3381209366-1052480604-4067403755-1005 - Limited - Enabled) => C:\Users\WoJa
Wolfgang (S-1-5-21-3381209366-1052480604-4067403755-1001 - Administrator - Enabled) => C:\Users\Wolfgang

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2015 07:16:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BtvStack.exe, Version: 8.0.0.206, Zeitstempel: 0x5024e144
Name des fehlerhaften Moduls: audio.dll, Version: 8.0.0.206, Zeitstempel: 0x5024e1aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001ae08
ID des fehlerhaften Prozesses: 0xe98
Startzeit der fehlerhaften Anwendung: 0xBtvStack.exe0
Pfad der fehlerhaften Anwendung: BtvStack.exe1
Pfad des fehlerhaften Moduls: BtvStack.exe2
Berichtskennung: BtvStack.exe3
Vollständiger Name des fehlerhaften Pakets: BtvStack.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BtvStack.exe5

Error: (02/09/2015 11:47:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BtvStack.exe, Version: 8.0.0.206, Zeitstempel: 0x5024e144
Name des fehlerhaften Moduls: audio.dll, Version: 8.0.0.206, Zeitstempel: 0x5024e1aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001ae08
ID des fehlerhaften Prozesses: 0x1520
Startzeit der fehlerhaften Anwendung: 0xBtvStack.exe0
Pfad der fehlerhaften Anwendung: BtvStack.exe1
Pfad des fehlerhaften Moduls: BtvStack.exe2
Berichtskennung: BtvStack.exe3
Vollständiger Name des fehlerhaften Pakets: BtvStack.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BtvStack.exe5

Error: (02/09/2015 11:44:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: WoJa-Win-8_PC)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.

Error: (02/09/2015 11:44:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: WoJa-Win-8_PC)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.

Error: (02/09/2015 11:44:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: WoJa-Win-8_PC)
Description: Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigtes lokales Profil.

 Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (02/09/2015 11:44:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht.

 Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
 for C:\Users\WoJa\ntuser.dat

Error: (02/09/2015 11:24:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/09/2015 11:21:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/09/2015 09:16:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/09/2015 09:16:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (02/09/2015 11:46:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee OOBE Service2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (02/09/2015 11:46:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee OOBE Service2 erreicht.

Error: (02/09/2015 11:46:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxebCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (02/09/2015 11:46:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxebCATSCustConnectService erreicht.

Error: (02/09/2015 08:50:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ASLDR Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/09/2015 08:07:20 PM) (Source: DCOM) (EventID: 10010) (User: WoJa-Win-8_PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/09/2015 08:06:50 PM) (Source: DCOM) (EventID: 10010) (User: WoJa-Win-8_PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office Sessions:
=========================
Error: (02/10/2015 07:16:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BtvStack.exe8.0.0.2065024e144audio.dll8.0.0.2065024e1aac0000005000000000001ae08e9801d044f90d2157a5C:\Program Files (x86)\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Bluetooth Suite\Modules\Audio\audio.dll67070bd1-b0ec-11e4-bf11-7054d234b877

Error: (02/09/2015 11:47:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BtvStack.exe8.0.0.2065024e144audio.dll8.0.0.2065024e1aac0000005000000000001ae08152001d044ba5d173ef4C:\Program Files (x86)\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Bluetooth Suite\Modules\Audio\audio.dllb123aadf-b0ad-11e4-bf11-7054d234b877

Error: (02/09/2015 11:44:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: WoJa-Win-8_PC)
Description:

Error: (02/09/2015 11:44:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: WoJa-Win-8_PC)
Description:

Error: (02/09/2015 11:44:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: WoJa-Win-8_PC)
Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (02/09/2015 11:44:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
C:\Users\WoJa\ntuser.dat

Error: (02/09/2015 11:24:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\K L S K\Downloads\esetsmartinstaller_deu.exe

Error: (02/09/2015 11:21:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/09/2015 09:16:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\K L S K\Downloads\esetsmartinstaller_deu.exe

Error: (02/09/2015 09:16:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\K L S K\Downloads\esetsmartinstaller_deu.exe


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 23%
Total physical RAM: 8075 MB
Available physical RAM: 6196.96 MB
Total Pagefile: 9355 MB
Available Pagefile: 7346.95 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:229.8 GB) (Free:106.32 GB) NTFS
Drive f: (WoJa_2_TB) (Fixed) (Total:1863.01 GB) (Free:1150.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 5AA31459)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 851AE09E)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Bin gespannt, wie es weitergeht,

Corsipo

Aneri 10.02.2015 22:03
Hi...

bitte lass in deinem normalen Konto nochmals folgendes Tool laufen. Bitte mit Admin-REchten.
Dazu rechtsklick auf das Icon und als Admin ausführen...

Ich sehe noch Einträge (Firefox) die Adwcleaner eigendlich entfernen müsste.

Im zweiten Schritt:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53928;https=127.0.0.1:53928
FF Extension: Snap.Do  - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{d58e9cf5-f32e-9415-c1f8-6970b588f790} [2014-06-15]
FF Extension: Cliqz Beta - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\cliqz@cliqz.com.xpi [2014-11-15]
FF Extension: Positive Finds - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{7084813e-70d5-4251-9d2b-03bda4f44792}.xpi [2015-02-09]
C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{d58e9cf5-f32e-9415-c1f8-6970b588f790}
C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\cliqz@cliqz.com.xpi
C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{7084813e-70d5-4251-9d2b-03bda4f44792}.xpi
FF HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\extensions\cliqz@cliqz.com
C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\extensions\cliqz@cliqz.com
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Schritt 3:

erstelle ein neues FRST Logfile und poste es hier

Corsipo 11.02.2015 08:20
Hallo Aneri,

ich habe deine Anweisung nicht verstanden.
Am Anfang fehlt irgendwie das Programm, auf das ich rechtsklicken soll.
Und ist es richtig, dass ich jetzt nicht im Adminkonto sondern in meinem eingeschränkten Arbeitskonto arbeiten soll?

Danke für deine Hilfe,

Corsipo

Aneri 11.02.2015 18:36
es geht um ADwcleaner :)

Corsipo 11.02.2015 21:19
Hi,

ich hoffe, ich habe alles richtig gemacht.

Hier die gewünschten Dateien:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by K L S K at 2015-02-11 21:07:04 Run:1
Running from C:\Users\WoJa\Desktop
Loaded Profiles: WoJa & K L S K (Available profiles: Wolfgang & WoJa & K L S K)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53928;https=127.0.0.1:53928
FF Extension: Snap.Do  - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{d58e9cf5-f32e-9415-c1f8-6970b588f790} [2014-06-15]
FF Extension: Cliqz Beta - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\cliqz@cliqz.com.xpi [2014-11-15]
FF Extension: Positive Finds - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{7084813e-70d5-4251-9d2b-03bda4f44792}.xpi [2015-02-09]
C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{d58e9cf5-f32e-9415-c1f8-6970b588f790}
C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\cliqz@cliqz.com.xpi
C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{7084813e-70d5-4251-9d2b-03bda4f44792}.xpi
FF HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\extensions\cliqz@cliqz.com
C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\extensions\cliqz@cliqz.com
emptytemp:
       
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{d58e9cf5-f32e-9415-c1f8-6970b588f790} => Moved successfully.
C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\cliqz@cliqz.com.xpi => Moved successfully.
C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{7084813e-70d5-4251-9d2b-03bda4f44792}.xpi => Moved successfully.
"C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{d58e9cf5-f32e-9415-c1f8-6970b588f790}" => File/Directory not found.
"C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\cliqz@cliqz.com.xpi" => File/Directory not found.
"C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\Extensions\{7084813e-70d5-4251-9d2b-03bda4f44792}.xpi" => File/Directory not found.
HKU\S-1-5-21-3381209366-1052480604-4067403755-1008\Software\Mozilla\Firefox\Extensions\\cliqz@cliqz.com => value deleted successfully.
"C:\Users\K L S K\AppData\Roaming\Mozilla\Firefox\Profiles\xciieqrs.default\extensions\cliqz@cliqz.com" => File/Directory not found.
EmptyTemp: => Removed 87.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 21:07:16 ====


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by WoJa (ATTENTION: The logged in user is not administrator) on WOJA-WIN-8_PC on 11-02-2015 21:10:59
Running from C:\Users\WoJa\Desktop
Loaded Profiles: WoJa (Available profiles: Wolfgang & WoJa & K L S K)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> winlogon.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> AsLdrSrv.exe
Failed to access process -> GFNEXSrv.exe
Failed to access process -> spoolsv.exe
Failed to access process -> sched.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> avguard.exe
Failed to access process -> AdminService.exe
Failed to access process -> CaptureLibService.exe
Failed to access process -> dasHost.exe
Failed to access process -> HeciServer.exe
Failed to access process -> irstrtsv.exe
Failed to access process -> Jhi_service.exe
Failed to access process -> svchost.exe
Failed to access process -> tvnserver.exe
Failed to access process -> Ath_CoexAgent.exe
Failed to access process -> Avira.OE.ServiceHost.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> avshadow.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> dllhost.exe
Failed to access process -> taskeng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
Failed to access process -> SearchIndexer.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
Failed to access process -> PHotkey.exe
Failed to access process -> MsgTranAgt.exe
Failed to access process -> MsgTranAgt64.exe
Failed to access process -> Atouch64.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
Failed to access process -> PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
Failed to access process -> MyWiMax.exe
Failed to access process -> POsd.exe
Failed to access process -> GPMTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
Failed to access process -> ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
Failed to access process -> svchost.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
( ) C:\Windows\SysWOW64\lxebcoms.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dropbox, Inc.) C:\Users\WoJa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
Failed to access process -> WUDFHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotifications.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
Failed to access process -> svchost.exe
Failed to access process -> TrustedInstaller.exe
Failed to access process -> TiWorker.exe
Failed to access process -> svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
Failed to access process -> IAStorDataMgrSvc.exe
Failed to access process -> RIconMan.exe
Failed to access process -> IntelMeFWService.exe
Failed to access process -> LMS.exe
Failed to access process -> UNS.exe
Failed to access process -> wmpnetwk.exe
(Farbar) C:\Users\WoJa\Desktop\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM\...\Run: [lxebmon.exe] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe [772712 2013-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe [150264 2013-01-23] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [ATLauncher] => C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe [488120 2012-08-08] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-10-22] (CyberLink Corp.)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2006-11-29] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SHIWebOnDiskManager] => C:\Program Files (x86)\SHIWebOnDiskManager\SHIWebOnDiskManager.exe [245760 2013-09-03] (SHI Elektronische Medien GmbH)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => "E:\KeePass Password Safe 2\KeePass.exe" --preload
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\...\Run: [GoogleChromeAutoLaunch_A8E54B6D2916471B1ADD0C74BB18AB2B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
Startup: C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\WoJa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar969.lnk
ShortcutTarget: Sidebar969.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
Startup: C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53928;https=127.0.0.1:53928
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3381209366-1052480604-4067403755-1005 -> {5A0DEF8F-41B3-443D-A2C0-BD3EF82F751D} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default
FF NewTab: www.google.de
FF SearchEngineOrder.1: SuchMaschine
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\searchplugins\search_engine.xml
FF Extension: German Dictionary - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-08]
FF Extension: Move Media Player - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\moveplayer@movenetworks.com [2014-03-21]
FF Extension: No Name - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\nostmp [2014-03-21]
FF Extension: Cooliris - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\piclens@cooliris.com [2014-03-21]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2014-03-21]
FF Extension: Flagfox - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-21]
FF Extension: Positive Finds - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\{7084813e-70d5-4251-9d2b-03bda4f44792}.xpi [2015-02-09]
FF Extension: Adblock Plus - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-21]
FF Extension: Tab Mix Plus - C:\Users\WoJa\AppData\Roaming\Mozilla\Firefox\Profiles\rzup2k9o.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-10-16]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSearchKeyword: Default -> google.com_
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR DefaultSuggestURL: Default -> hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR Profile: C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-24]
CHR Extension: (Google Drive) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-24]
CHR Extension: (GCVote) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\boingbkmoapffongfpcancmephhnmehp [2014-06-24]
CHR Extension: (Google-Suche) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-24]
CHR Extension: (Avira Browserschutz) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-06-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-24]
CHR Extension: (Google Mail) - C:\Users\WoJa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-24]
CHR HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-11-18] (Ellora Assets Corp.) [File not signed]
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2013-05-08] (Realsil Microelectronics Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-09-18] (Intel Corporation)
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [668984 2013-04-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-18] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
S2 lxebCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S3 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [219832 2012-06-17] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2013-04-24] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 Pcan_usb; C:\Windows\System32\drivers\PCAN_USB.SYS [100864 2012-01-24] (PEAK-System Technik GmbH, Darmstadt, Germany)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 21:10 - 2015-02-11 21:11 - 00026188 _____ () C:\Users\WoJa\Desktop\FRST.txt
2015-02-11 20:48 - 2015-02-11 20:48 - 02112512 _____ () C:\Users\WoJa\Desktop\AdwCleaner_4.110.exe
2015-02-11 20:46 - 2015-02-11 20:46 - 02134016 _____ (Farbar) C:\Users\WoJa\Desktop\FRST64 (1).exe
2015-02-10 10:51 - 2015-02-10 10:52 - 33703656 _____ (Any-Video-Converter.com ) C:\Users\WoJa\Downloads\avc-577free(1).exe
2015-02-09 20:56 - 2015-02-09 23:28 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 20:56 - 2015-02-09 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-09 20:56 - 2015-02-09 20:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-09 20:56 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-09 20:56 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-09 20:56 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-09 19:46 - 2015-02-09 23:46 - 00002236 _____ () C:\WINDOWS\PFRO.log
2015-02-09 19:44 - 2015-02-11 21:00 - 00000000 ____D () C:\AdwCleaner
2015-02-09 19:35 - 2015-02-09 19:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-09 18:38 - 2015-02-11 21:11 - 00000000 ____D () C:\FRST
2015-02-09 18:38 - 2015-02-09 18:39 - 00045314 _____ () C:\Users\WoJa\Downloads\FRST.txt
2015-02-09 18:38 - 2015-02-09 18:38 - 00024874 _____ () C:\Users\WoJa\Downloads\Addition.txt
2015-02-09 18:36 - 2015-02-09 18:37 - 02132992 _____ (Farbar) C:\Users\WoJa\Downloads\FRST64.exe
2015-02-09 12:24 - 2015-02-09 12:53 - 00000000 ____D () C:\Users\WoJa\Desktop\Video
2015-02-09 12:22 - 2015-02-09 12:22 - 00000000 ____D () C:\Users\WoJa\Documents\Any Video Converter
2015-02-09 12:22 - 2015-02-09 12:22 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\Anvsoft
2015-02-09 12:20 - 2015-02-09 12:21 - 33703656 _____ (Any-Video-Converter.com ) C:\Users\WoJa\Downloads\avc-577free.exe
2015-02-09 12:14 - 2015-02-09 12:15 - 00000000 ____D () C:\Users\WoJa\Desktop\Polizeihubschrauber_mit_Norbert_2014
2015-02-08 12:12 - 2015-02-08 12:12 - 00055311 _____ () C:\Users\WoJa\Desktop\default.html
2015-02-08 08:48 - 2015-02-08 08:48 - 00000000 ____D () C:\Users\WoJa\AppData\Local\IsolatedStorage
2015-02-08 08:31 - 2015-02-08 09:52 - 00000000 ____D () C:\Users\WoJa\Desktop\Bearbeitung
2015-02-07 15:29 - 2015-02-11 21:08 - 00006477 _____ () C:\WINDOWS\setupact.log
2015-02-07 15:29 - 2015-02-07 15:29 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-07 13:09 - 2015-02-07 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2015-02-07 13:09 - 2015-02-07 13:09 - 00000000 ____D () C:\Program Files (x86)\UseNeXT
2015-02-07 13:04 - 2015-02-07 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-07 13:04 - 2015-02-07 13:04 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-07 12:55 - 2015-02-07 12:55 - 05270008 _____ (Tangysoft Ltd. ) C:\Users\WoJa\Downloads\UseNeXTSetup_5.64(1).exe
2015-02-07 12:35 - 2015-02-07 12:35 - 00000000 __SHD () C:\Users\WoJa\AppData\Local\EmieBrowserModeList
2015-02-06 19:52 - 2015-02-06 19:52 - 00000000 ____D () C:\Program Files (x86)\Avanquest update
2015-02-03 17:48 - 2015-02-04 12:09 - 00000581 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-02-03 17:44 - 2015-02-03 17:44 - 02536151 _____ (Dominik Reichl ) C:\Users\WoJa\Downloads\KeePass-2.28-Setup.exe
2015-01-28 16:37 - 2015-01-28 16:37 - 05270008 _____ (Tangysoft Ltd. ) C:\Users\WoJa\Downloads\UseNeXTSetup_5.64.exe
2015-01-28 09:04 - 2015-01-28 09:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 08:51 - 2015-01-28 08:51 - 03980064 _____ (TeamViewer) C:\Users\WoJa\Downloads\teamviewer.exe
2015-01-27 10:52 - 2015-01-27 11:03 - 00104145 _____ () C:\Users\WoJa\Desktop\Wiegeprotokoll_3_3_7.xlsx
2015-01-26 20:49 - 2015-01-26 20:49 - 00000000 ___SD () C:\Users\WoJa\Documents\Meine Datenquellen
2015-01-25 17:38 - 2015-02-08 08:48 - 00000000 ____D () C:\Users\WoJa\AppData\Local\Photo Explosion
2015-01-25 17:38 - 2015-01-25 17:38 - 00000125 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-25 16:56 - 2015-01-25 16:56 - 01525048 _____ (Avanquest Software) C:\Users\WoJa\Downloads\InPixioPhotoFocus3.0_DM.exe
2015-01-25 16:36 - 2015-01-25 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avanquest
2015-01-25 16:32 - 2015-01-25 16:35 - 86216328 _____ (Avanquest Software) C:\Users\WoJa\Downloads\Ausschneiden_2.0.3.exe
2015-01-25 16:28 - 2015-02-06 19:54 - 00000000 ____D () C:\Users\K L S K\AppData\Local\Avanquest
2015-01-25 16:26 - 2015-01-25 16:28 - 00000000 ____D () C:\Users\K L S K\AppData\Local\NGPR
2015-01-25 16:26 - 2015-01-25 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InPixio Photo Maximizer
2015-01-25 16:26 - 2015-01-25 16:26 - 00000000 ____D () C:\Program Files (x86)\InPixio Photo Maximizer
2015-01-25 16:15 - 2015-02-07 11:56 - 00000000 ____D () C:\Users\WoJa\AppData\Local\NGPR
2015-01-25 16:15 - 2015-01-25 17:39 - 00000000 ____D () C:\Users\WoJa\AppData\Local\Avanquest
2015-01-25 16:14 - 2015-02-06 19:52 - 00000000 ____D () C:\ProgramData\Avanquest
2015-01-25 16:14 - 2015-01-25 16:58 - 00000000 ____D () C:\Users\Public\Documents\Avanquest Software
2015-01-25 16:14 - 2015-01-25 16:58 - 00000000 ____D () C:\ProgramData\Configuration
2015-01-25 16:14 - 2015-01-25 16:14 - 00000000 ____D () C:\ProgramData\Avanquest Software
2015-01-25 16:10 - 2015-01-25 17:12 - 00000000 ___RD () C:\Users\WoJa\Desktop\Fotobearbeitung
2015-01-25 16:08 - 2015-01-25 16:10 - 42955192 _____ (Avanquest Software) C:\Users\WoJa\Downloads\InPixio_Photo_Maximizer_MLT.exe
2015-01-25 15:35 - 2015-01-25 16:58 - 00000000 ____D () C:\Program Files (x86)\Avanquest
2015-01-25 15:35 - 2015-01-25 15:35 - 01841528 _____ (Avanquest Software) C:\Users\WoJa\Downloads\Foto-Software_Ausschneiden_DE_FT.exe
2015-01-25 14:54 - 2015-01-25 14:54 - 00000000 ____D () C:\ProgramData\PDFEditor
2015-01-25 14:54 - 2015-01-25 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-01-25 14:54 - 2014-12-16 21:10 - 00096328 _____ (Wondershare Software) C:\WINDOWS\system32\WSMonEditor.dll
2015-01-23 14:34 - 2015-01-23 14:34 - 00020992 _____ () C:\Users\WoJa\Desktop\7,49.ufo
2015-01-17 09:24 - 2015-01-17 09:27 - 00000000 ____D () C:\Users\WoJa\Desktop\Weiterb._GWS_01_2015
2015-01-16 08:25 - 2015-01-16 10:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-16 06:45 - 2015-02-11 21:09 - 00000000 ___RD () C:\Users\WoJa\Dropbox
2015-01-16 06:45 - 2015-01-16 06:45 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-16 06:44 - 2015-02-11 21:09 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\Dropbox
2015-01-16 06:44 - 2015-01-16 06:45 - 00000000 ____D () C:\Users\K L S K\AppData\Roaming\Dropbox
2015-01-16 06:43 - 2015-01-16 06:43 - 00324136 _____ (Dropbox, Inc.) C:\Users\WoJa\Downloads\DropboxInstaller.exe
2015-01-15 19:35 - 2015-01-15 19:35 - 00201803 _____ () C:\Users\WoJa\Downloads\Dropbox.zip
2015-01-15 19:31 - 2015-01-16 06:45 - 00000000 ____D () C:\Users\WoJa\Desktop\Gollmer
2015-01-14 11:06 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 11:06 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 11:06 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 11:06 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 11:06 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 11:06 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 11:06 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 11:06 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 11:06 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 11:06 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 11:06 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 11:06 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 11:06 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 11:06 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 11:06 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 11:06 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 11:06 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 11:06 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 11:06 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 11:06 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 11:06 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 11:06 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 11:06 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 11:06 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 11:06 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 17:15 - 2015-01-30 19:47 - 00000000 ____D () C:\Users\WoJa\Desktop\Schulter-OP

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 21:09 - 2014-03-31 16:06 - 00000000 ____D () C:\Users\WoJa\AppData\Local\FreePDF_XP
2015-02-11 21:09 - 2014-03-21 14:23 - 00000000 ____D () C:\Users\WoJa\Documents\Youcam
2015-02-11 21:09 - 2014-03-21 13:39 - 01225925 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-11 21:08 - 2014-03-24 06:46 - 00000000 ___RD () C:\Users\WoJa\Google Drive
2015-02-11 21:08 - 2014-03-24 06:44 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-11 21:08 - 2014-03-21 14:22 - 00000000 __RDO () C:\Users\WoJa\SkyDrive
2015-02-11 21:08 - 2014-03-21 14:19 - 00699349 _____ () C:\ProgramData\lxeb.log
2015-02-11 21:08 - 2014-03-21 11:05 - 00099402 _____ () C:\ProgramData\lxebscan.log
2015-02-11 21:08 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-11 21:08 - 2013-05-13 13:44 - 00000868 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-02-11 21:07 - 2013-11-14 08:26 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-11 21:07 - 2013-11-14 08:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-11 21:07 - 2013-11-14 08:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-11 21:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-11 20:45 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-11 20:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-10 21:21 - 2014-07-17 13:57 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-10 21:21 - 2014-03-24 06:44 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 19:16 - 2014-03-22 16:21 - 02079232 ___SH () C:\Users\WoJa\Desktop\Thumbs.db
2015-02-10 12:46 - 2014-04-29 12:40 - 00000000 ____D () C:\Users\WoJa\Documents\Outlook-Dateien
2015-02-10 12:22 - 2013-05-13 13:44 - 00000870 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-02-09 12:21 - 2014-06-15 20:07 - 00000000 ____D () C:\Users\K L S K\AppData\Roaming\AnvSoft
2015-02-09 11:07 - 2014-04-20 16:56 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\UseNeXT
2015-02-09 10:45 - 2014-05-15 15:47 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\vlc
2015-02-07 13:50 - 2014-03-29 13:47 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\AIMP3
2015-02-07 13:04 - 2014-03-21 20:46 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-07 13:04 - 2014-03-21 13:33 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-07 12:31 - 2014-11-06 20:27 - 00000000 ____D () C:\Users\WoJa\Desktop\Spenner
2015-02-07 11:52 - 2014-03-21 14:22 - 00000000 ____D () C:\Users\WoJa\AppData\Local\VirtualStore
2015-02-07 10:56 - 2014-11-27 06:16 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-02-07 10:56 - 2014-11-27 06:15 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-02-07 10:56 - 2014-11-27 06:15 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-02-07 10:56 - 2014-11-27 06:15 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-02-07 10:56 - 2014-11-27 06:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-07 10:56 - 2014-11-27 06:15 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-07 10:56 - 2014-09-27 07:20 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-07 10:55 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-02-06 19:52 - 2013-05-13 13:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-04 12:11 - 2014-03-27 21:50 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\KeePass
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 11:39 - 2014-03-21 11:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-30 18:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-29 17:58 - 2014-05-16 20:33 - 00000000 ___RD () C:\Users\WoJa\Desktop\Schulungen
2015-01-28 14:17 - 2014-03-24 06:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-28 08:51 - 2014-09-22 19:10 - 00000000 ____D () C:\Users\WoJa\AppData\Roaming\TeamViewer
2015-01-27 15:36 - 2013-08-22 15:44 - 00511368 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-25 16:58 - 2014-03-27 20:28 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-23 11:24 - 2014-12-16 19:44 - 00000000 ____D () C:\Users\WoJa\Desktop\Steuern
2015-01-19 13:08 - 2013-12-13 10:38 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-19 13:05 - 2013-04-11 08:30 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-16 11:38 - 2014-03-21 11:06 - 00000000 ____D () C:\ProgramData\Lx_cats
2015-01-16 06:45 - 2014-03-21 13:37 - 00000000 ____D () C:\Users\WoJa

==================== Files in the root of some directories =======

2014-05-16 20:44 - 2014-12-10 07:53 - 0005120 _____ () C:\Users\WoJa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-13 19:51 - 2014-06-13 19:51 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-03-21 11:09 - 2014-03-21 11:09 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-03-21 14:19 - 2015-02-11 21:08 - 0699349 _____ () C:\ProgramData\lxeb.log
2014-04-19 19:01 - 2014-07-02 10:19 - 0000309 _____ () C:\ProgramData\lxebDiagnostics.log
2014-03-21 11:08 - 2014-06-12 11:20 - 0097172 _____ () C:\ProgramData\lxebJSW.log
2014-03-21 11:05 - 2015-02-11 21:08 - 0099402 _____ () C:\ProgramData\lxebscan.log
2015-01-25 17:38 - 2015-01-25 17:38 - 0000125 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-03-21 11:04 - 2014-03-21 11:04 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
2013-12-13 09:24 - 2013-12-13 09:25 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-12-13 09:22 - 2013-12-13 09:23 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-12-13 09:23 - 2013-12-13 09:24 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some content of TEMP:
====================
C:\Users\WoJa\AppData\Local\Temp\avgnt.exe
C:\Users\WoJa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb3c2uj.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02
Ran by WoJa at 2015-02-11 21:11:27
Running from C:\Users\WoJa\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

8GadgetPack (HKLM-x32\...\{32A7C3B0-E5C3-4913-B1F2-49FE860FAA5E}) (Version: 11.0.0 - Helmut Buhler)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1345, 26.03.2014 - AIMP DevTeam)
Any Video Converter 5.7.7 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avanquest message (HKLM-x32\...\{20573C69-4A68-4BEF-A23D-365CB66924CD}) (Version: 1.03.0 - Avanquest Software)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
Avira (HKLM-x32\...\{70a79d1f-686d-4d5c-962b-07aa1294eae0}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2219 - CyberLink Corp.)
Disketch CD-Beschriftungssoftware (HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\...\Disketch) (Version: 3.09 - NCH Software)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Dropbox (HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.3.20141106 - Landesfinanzdirektion Thüringen)
Free FLV Converter V 7.6.1 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.1.0 - Koyote Lab Inc.)
Free YouTube Download version 3.2.49.1111 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1111 - DVDVideoSoft Ltd.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HAENNI EC 200 - 2.5.1 (HKLM-x32\...\"EC 200"_is1) (Version:  - HAENNI Instruments Inc.)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
InPixio Photo (HKLM-x32\...\{5F0C0CD8-77B1-4C3E-9F01-5AF10D85DBB4}) (Version: 6.03.0 - Avanquest Software)
InPixio Photo Focus (HKLM-x32\...\{D7DF4A1C-F5CD-49F6-927E-12E6A8EF4174}) (Version: 3.01.0 - Avanquest Software)
InPixio Photo Maximizer (HKLM-x32\...\{33DB8C17-40C9-4629-B6D4-05A4C7E8AA86}) (Version: 2.0.25799 - Avanquest Software)
InstaCards (HKLM-x32\...\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}) (Version: 1.5.0 - Avanquest Software)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1008 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
Lexmark Pro200-S500 Series (HKLM\...\Lexmark Pro200-S500 Series) (Version:  - Lexmark International, Inc.)
LVP v4.0 (HKLM-x32\...\LVP v4.0) (Version: 4.0 - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Image Composer 1.5 (HKLM-x32\...\Image Composer) (Version:  - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MyDriveConnect 3.3.0.1756 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1756 - TomTom)
PEAK OEM-Treiber (HKLM-x32\...\PEAK OEM-Treiber) (Version: 3.8.02.10146 - PEAK-System Technik GmbH)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0069 - Pegatron Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Ihr Firmenname)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30143 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.0 - Synaptics Incorporated)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Ulead PhotoImpact 12 (HKLM-x32\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
UnderCoverXP 1.23 (HKLM-x32\...\UnderCoverXP_is1) (Version:  - Wicked & Wild Inc.)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WEKA Ladungssicherung in der Praxis September 2013 (HKLM-x32\...\WEKA LADUNGSSICHERUNG IN DER PRAXIS SEPTEMBER 2013) (Version: September 2013 - WEKA)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/18/2013 2.08.28) (HKLM\...\9E24492CE9279512BD465F61DB8523641BB7BBFC) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/18/2013 2.08.28) (HKLM\...\E61B77ECE57113AE1CA028BC7A8AD6C137BD13DD) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WISO EÜR & Kasse 2014 (HKLM-x32\...\{50320153-AE64-4CBB-B5FC-73C5C22B545D}) (Version: 21.01.8499 - Buhl Data Service GmbH)
WISO EÜR & Kasse 2015 (HKLM-x32\...\{A6981B8B-FDEF-4BB4-917D-1CFFACEA241F}) (Version: 22.01.8841 - Buhl Data Service GmbH)
Wondershare PDFelement(Build 4.0.0) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 4.0.0.3 - Wondershare Software Co.,Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => ?
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => ?
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => ?

==================== Loaded Modules (whitelisted) ==============

2014-10-18 09:54 - 2014-10-18 09:54 - 01782784 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
2012-04-16 13:45 - 2012-04-16 13:45 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2013-05-13 14:15 - 2012-01-12 16:58 - 00477696 _____ () C:\Program Files (x86)\PHotkey\PVDAgent.exe
2014-01-25 02:22 - 2014-01-25 02:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-10 17:28 - 2012-08-10 17:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-10 17:23 - 2012-08-10 17:23 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2014-03-21 11:04 - 2013-01-23 13:29 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
2014-03-21 11:04 - 2013-01-23 13:29 - 00150264 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\WoJa\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3381209366-1052480604-4067403755-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\WoJa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3381209366-1052480604-4067403755-500 - Administrator - Disabled)
Gast (S-1-5-21-3381209366-1052480604-4067403755-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3381209366-1052480604-4067403755-1007 - Limited - Enabled)
K L S K (S-1-5-21-3381209366-1052480604-4067403755-1008 - Administrator - Enabled) => C:\Users\K L S K
WoJa (S-1-5-21-3381209366-1052480604-4067403755-1005 - Limited - Enabled) => C:\Users\WoJa
Wolfgang (S-1-5-21-3381209366-1052480604-4067403755-1001 - Administrator - Enabled) => C:\Users\Wolfgang

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2015 09:09:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BtvStack.exe, Version: 8.0.0.206, Zeitstempel: 0x5024e144
Name des fehlerhaften Moduls: audio.dll, Version: 8.0.0.206, Zeitstempel: 0x5024e1aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001ae08
ID des fehlerhaften Prozesses: 0x1150
Startzeit der fehlerhaften Anwendung: 0xBtvStack.exe0
Pfad der fehlerhaften Anwendung: BtvStack.exe1
Pfad des fehlerhaften Moduls: BtvStack.exe2
Berichtskennung: BtvStack.exe3
Vollständiger Name des fehlerhaften Pakets: BtvStack.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BtvStack.exe5

Error: (02/11/2015 09:03:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BtvStack.exe, Version: 8.0.0.206, Zeitstempel: 0x5024e144
Name des fehlerhaften Moduls: audio.dll, Version: 8.0.0.206, Zeitstempel: 0x5024e1aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001ae08
ID des fehlerhaften Prozesses: 0x52c
Startzeit der fehlerhaften Anwendung: 0xBtvStack.exe0
Pfad der fehlerhaften Anwendung: BtvStack.exe1
Pfad des fehlerhaften Moduls: BtvStack.exe2
Berichtskennung: BtvStack.exe3
Vollständiger Name des fehlerhaften Pakets: BtvStack.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BtvStack.exe5

Error: (02/11/2015 08:46:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BtvStack.exe, Version: 8.0.0.206, Zeitstempel: 0x5024e144
Name des fehlerhaften Moduls: audio.dll, Version: 8.0.0.206, Zeitstempel: 0x5024e1aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001ae08
ID des fehlerhaften Prozesses: 0x1184
Startzeit der fehlerhaften Anwendung: 0xBtvStack.exe0
Pfad der fehlerhaften Anwendung: BtvStack.exe1
Pfad des fehlerhaften Moduls: BtvStack.exe2
Berichtskennung: BtvStack.exe3
Vollständiger Name des fehlerhaften Pakets: BtvStack.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BtvStack.exe5

Error: (02/11/2015 08:42:27 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (02/10/2015 10:41:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BtvStack.exe, Version: 8.0.0.206, Zeitstempel: 0x5024e144
Name des fehlerhaften Moduls: audio.dll, Version: 8.0.0.206, Zeitstempel: 0x5024e1aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001ae08
ID des fehlerhaften Prozesses: 0xc18
Startzeit der fehlerhaften Anwendung: 0xBtvStack.exe0
Pfad der fehlerhaften Anwendung: BtvStack.exe1
Pfad des fehlerhaften Moduls: BtvStack.exe2
Berichtskennung: BtvStack.exe3
Vollständiger Name des fehlerhaften Pakets: BtvStack.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BtvStack.exe5

Error: (02/10/2015 09:42:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BtvStack.exe, Version: 8.0.0.206, Zeitstempel: 0x5024e144
Name des fehlerhaften Moduls: audio.dll, Version: 8.0.0.206, Zeitstempel: 0x5024e1aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001ae08
ID des fehlerhaften Prozesses: 0x13b4
Startzeit der fehlerhaften Anwendung: 0xBtvStack.exe0
Pfad der fehlerhaften Anwendung: BtvStack.exe1
Pfad des fehlerhaften Moduls: BtvStack.exe2
Berichtskennung: BtvStack.exe3
Vollständiger Name des fehlerhaften Pakets: BtvStack.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BtvStack.exe5

Error: (02/10/2015 07:35:42 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/10/2015 07:16:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BtvStack.exe, Version: 8.0.0.206, Zeitstempel: 0x5024e144
Name des fehlerhaften Moduls: audio.dll, Version: 8.0.0.206, Zeitstempel: 0x5024e1aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001ae08
ID des fehlerhaften Prozesses: 0xe98
Startzeit der fehlerhaften Anwendung: 0xBtvStack.exe0
Pfad der fehlerhaften Anwendung: BtvStack.exe1
Pfad des fehlerhaften Moduls: BtvStack.exe2
Berichtskennung: BtvStack.exe3
Vollständiger Name des fehlerhaften Pakets: BtvStack.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BtvStack.exe5

Error: (02/09/2015 11:47:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BtvStack.exe, Version: 8.0.0.206, Zeitstempel: 0x5024e144
Name des fehlerhaften Moduls: audio.dll, Version: 8.0.0.206, Zeitstempel: 0x5024e1aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001ae08
ID des fehlerhaften Prozesses: 0x1520
Startzeit der fehlerhaften Anwendung: 0xBtvStack.exe0
Pfad der fehlerhaften Anwendung: BtvStack.exe1
Pfad des fehlerhaften Moduls: BtvStack.exe2
Berichtskennung: BtvStack.exe3
Vollständiger Name des fehlerhaften Pakets: BtvStack.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BtvStack.exe5

Error: (02/09/2015 11:44:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: WOJA-WIN-8_PC)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.


System errors:
=============
Error: (02/11/2015 09:08:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee OOBE Service2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (02/11/2015 09:08:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee OOBE Service2 erreicht.

Error: (02/11/2015 09:08:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxebCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (02/11/2015 09:08:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxebCATSCustConnectService erreicht.

Error: (02/11/2015 09:01:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee OOBE Service2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (02/11/2015 09:01:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee OOBE Service2 erreicht.

Error: (02/11/2015 09:01:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxebCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (02/11/2015 09:01:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxebCATSCustConnectService erreicht.

Error: (02/11/2015 09:01:02 PM) (Source: DCOM) (EventID: 10010) (User: WOJA-WIN-8_PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/11/2015 09:01:02 PM) (Source: DCOM) (EventID: 10010) (User: WOJA-WIN-8_PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (02/11/2015 09:09:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BtvStack.exe8.0.0.2065024e144audio.dll8.0.0.2065024e1aac0000005000000000001ae08115001d046368c9f2be7C:\Program Files (x86)\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Bluetooth Suite\Modules\Audio\audio.dlle3c35fdb-b229-11e4-bf13-dc85de86b96e

Error: (02/11/2015 09:03:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BtvStack.exe8.0.0.2065024e144audio.dll8.0.0.2065024e1aac0000005000000000001ae0852c01d04635b6bbaf41C:\Program Files (x86)\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Bluetooth Suite\Modules\Audio\audio.dll07c6320f-b229-11e4-bf12-dc85de86b96e

Error: (02/11/2015 08:46:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BtvStack.exe8.0.0.2065024e144audio.dll8.0.0.2065024e1aac0000005000000000001ae08118401d0463348a04c4cC:\Program Files (x86)\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Bluetooth Suite\Modules\Audio\audio.dlla28e1f72-b226-11e4-bf11-7054d234b877

Error: (02/11/2015 08:42:27 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: -2147024883

Error: (02/10/2015 10:41:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BtvStack.exe8.0.0.2065024e144audio.dll8.0.0.2065024e1aac0000005000000000001ae08c1801d04515a673c74cC:\Program Files (x86)\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Bluetooth Suite\Modules\Audio\audio.dllfd16b895-b108-11e4-bf11-7054d234b877

Error: (02/10/2015 09:42:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BtvStack.exe8.0.0.2065024e144audio.dll8.0.0.2065024e1aac0000005000000000001ae0813b401d0450d6aaebf9aC:\Program Files (x86)\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Bluetooth Suite\Modules\Audio\audio.dllbe67a790-b100-11e4-bf11-7054d234b877

Error: (02/10/2015 07:35:42 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/10/2015 07:16:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BtvStack.exe8.0.0.2065024e144audio.dll8.0.0.2065024e1aac0000005000000000001ae08e9801d044f90d2157a5C:\Program Files (x86)\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Bluetooth Suite\Modules\Audio\audio.dll67070bd1-b0ec-11e4-bf11-7054d234b877

Error: (02/09/2015 11:47:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BtvStack.exe8.0.0.2065024e144audio.dll8.0.0.2065024e1aac0000005000000000001ae08152001d044ba5d173ef4C:\Program Files (x86)\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Bluetooth Suite\Modules\Audio\audio.dllb123aadf-b0ad-11e4-bf11-7054d234b877

Error: (02/09/2015 11:44:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: WOJA-WIN-8_PC)
Description:


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 25%
Total physical RAM: 8075 MB
Available physical RAM: 6036.26 MB
Total Pagefile: 9355 MB
Available Pagefile: 7292.05 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:229.8 GB) (Free:103.24 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:52 Uhr.
Seite 1 von 5 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131