So alles erledigt, jedoch habe ich nach dem Suchlauf von Malwarebytes kein Suchlaufprotokoll gefunden. Habe aber alle Funde in Quarantäne verschoben.
Hier die log files:
AdwCleaner: Code:
# AdwCleaner v4.111 - Bericht erstellt 27/02/2015 um 17:42:36
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : S - *****-LAPTOP
# Gestarted von : C:\Users\S\Desktop\AdwCleaner_4.111.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : RBClientService
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\Right Backup
Ordner Gelöscht : C:\Users\S\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Systweak
Ordner Gelöscht : C:\USerS\S\FlvPlayer
Ordner Gelöscht : C:\USerS\S\AppData\Local\Wajam
Ordner Gelöscht : C:\USerS\S\AppData\LocalLow\Delta
Ordner Gelöscht : C:\USerS\S\AppData\Roaming\Babylon
Ordner Gelöscht : C:\USerS\S\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\USerS\S\AppData\Roaming\DSite
Ordner Gelöscht : C:\USerS\S\AppData\Roaming\Mysearchdial
Ordner Gelöscht : C:\USerS\S\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\USerS\S\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\USerS\S\AppData\Roaming\rightbackup
Ordner Gelöscht : C:\USerS\S\AppData\Roaming\Systweak
Ordner Gelöscht : C:\USerS\S\AppData\Roaming\Tlapia
Ordner Gelöscht : C:\USerS\S\AppData\Roaming\MicroSoft\WindowS\Start Menu\ProgramS\FLV Player
Ordner Gelöscht : C:\USerS\S\DocumentS\PC Speed Maximizer
Ordner Gelöscht : C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\Extensions\{8850f748-e69b-42ff-a449-7ad3cf153bcc}
Ordner Gelöscht : C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\Extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}
Ordner Gelöscht : C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\Extensions\addon@infobirdpro.com
Ordner Gelöscht : C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gelöscht : C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Datei Gelöscht : C:\END
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\bprotector_prefs.js
Datei Gelöscht : C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\invalidprefs.js
Datei Gelöscht : C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\searchplugins\BrowserDefender.xml
Datei Gelöscht : C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\searchplugins\softonic.xml
Datei Gelöscht : C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\user.js
Datei Gelöscht : C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.softonic.com_0.localstorage
Datei Gelöscht : C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.softonic.com_0.localstorage-journal
Datei Gelöscht : C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\bprotector web data
Datei Gelöscht : C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpmbfleldcgkldadpdinhjjopdfpjfjp_0.localstorage-journal
Datei Gelöscht : C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpmbfleldcgkldadpdinhjjopdfpjfjp_0.localstorage
Datei Gelöscht : C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
Datei Gelöscht : C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
***** [ Geplante Tasks ] *****
Task Gelöscht : BrowserDefendert
Task Gelöscht : DSite
Task Gelöscht : LaunchApp
Task Gelöscht : MySearchDial
Task Gelöscht : Right Backup_startup
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKCU\Software\94dd8bb23fef13
Schlüssel Gelöscht : HKLM\SOFTWARE\94dd8bb23fef13
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7D8DEABC-6E35-435C-80E4-FC6C0C623398}
Schlüssel Gelöscht : HKCU\Software\BABSOLUTION
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\SecuredDownload
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.softonic.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v25.0 (de)
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.admin", false);
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.aflt", "OC");
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.dnsErr", true);
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.excTlbr", false);
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.ffxUnstlRst", false);
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.hmpg", true);
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=b23b633b0000000000006c71d9512b2c");
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.id", "b23b633b0000000000006c71d9512b2c");
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.instlDay", "16041");
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.instlRef", "MOY00621");
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.newTab", true);
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=b23b633b0000000000006c71d9512b2c");
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.rvrt", "false");
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.tlbrId", "opencandy2013");
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=b23b633b0000000000006c71d9512b2c&q=");
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.vrsn", "1.8.21.14");
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.8.21.1411:57:36");
[C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\azgoc4i8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.vrsni", "1.8.21.14");
-\\ Google Chrome v
[C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=b23b633b0000000000006c71d9512b2c
[C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B23B6C71D9512B2C&affID=121529&tsp=4950
*************************
AdwCleaner[R0].txt - [14782 Bytes] - [27/02/2015 17:37:30]
AdwCleaner[S0].txt - [13841 Bytes] - [27/02/2015 17:42:36]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13901 Bytes] ##########
JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by S on 27.02.2015 at 17:55:51,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\systweak"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"
~~~ FireFox
Emptied folder: C:\Users\S\AppData\Roaming\mozilla\firefox\profiles\azgoc4i8.default\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.02.2015 at 18:01:59,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Habe ein zweites Mal suchen lassen und nun wurde ein logfile erstellt.
Malwarebytes: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 27.02.2015
Suchlauf-Zeit: 19:29:51
Logdatei: mdam.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.02.27.06
Rootkit Datenbank: v2015.02.25.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: S
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 403122
Verstrichene Zeit: 21 Min, 33 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 1
PUP.Optional.Feven.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Feven 1.7, Löschen bei Neustart, [6c0633f0a3e7b97d44f8fde7fd0606fa],
Registrierungswerte: 1
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Mysearchdial\1.8.29.0\, In Quarantäne, [8fe329fa78129f97f6c5cb520203817f]
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 1
PUP.Optional.CrossRider.A, C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ajppokcpihekimknckddpgkbiphmaglg, In Quarantäne, [b9b942e1602ae1552fc4f77fb94a12ee],
Dateien: 13
PUP.Optional.OpenCandy, C:\Users\S\Downloads\PhotoScape_V3.6.5.exe, In Quarantäne, [d0a2dd4657339d99fba86f8a02037a86],
PUP.Optional.Softonic, C:\Users\S\Downloads\SoftonicDownloader_for_video-performer.exe, In Quarantäne, [234f071c4e3cf3432afe9f8fda278779],
PUP.Optional.Delta.A, C:\Users\S\Downloads\Thunderbird20Setup2017.0.2 (1).exe, In Quarantäne, [650d83a0038789adaa301f1118e99070],
PUP.Optional.Delta.A, C:\Users\S\Downloads\Thunderbird20Setup2017.0.2.exe, In Quarantäne, [343e180b9dedb581c21850e09e63f60a],
PUP.Optional.CrossRider.A, C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ajppokcpihekimknckddpgkbiphmaglg_0.localstorage, In Quarantäne, [4f2361c2ccbe65d1f421f5d111f2b24e],
PUP.Optional.CrossRider.A, C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ajppokcpihekimknckddpgkbiphmaglg_0.localstorage-journal, In Quarantäne, [f18179aaf59580b6ba5bd1f559aad52b],
PUP.Optional.CrossRider.A, C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ajppokcpihekimknckddpgkbiphmaglg\000345.ldb, In Quarantäne, [b9b942e1602ae1552fc4f77fb94a12ee],
PUP.Optional.CrossRider.A, C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ajppokcpihekimknckddpgkbiphmaglg\000348.log, In Quarantäne, [b9b942e1602ae1552fc4f77fb94a12ee],
PUP.Optional.CrossRider.A, C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ajppokcpihekimknckddpgkbiphmaglg\CURRENT, In Quarantäne, [b9b942e1602ae1552fc4f77fb94a12ee],
PUP.Optional.CrossRider.A, C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ajppokcpihekimknckddpgkbiphmaglg\LOCK, In Quarantäne, [b9b942e1602ae1552fc4f77fb94a12ee],
PUP.Optional.CrossRider.A, C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ajppokcpihekimknckddpgkbiphmaglg\LOG, In Quarantäne, [b9b942e1602ae1552fc4f77fb94a12ee],
PUP.Optional.CrossRider.A, C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ajppokcpihekimknckddpgkbiphmaglg\LOG.old, In Quarantäne, [b9b942e1602ae1552fc4f77fb94a12ee],
PUP.Optional.CrossRider.A, C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ajppokcpihekimknckddpgkbiphmaglg\MANIFEST-000346, In Quarantäne, [b9b942e1602ae1552fc4f77fb94a12ee],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
FRST:
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by S (administrator) on *****-LAPTOP on 27-02-2015 19:11:04
Running from C:\Users\S\Desktop
Loaded Profiles: S (Available profiles: S & s*****)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SynptSync64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Google Inc.) C:\Users\S\AppData\Local\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Users\S\AppData\Local\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5301880 2012-11-30] (VIA)
HKLM\...\Run: [VIAAUD] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe [2538104 2012-11-30] (VIA)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ATLauncher] => "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createshortcuts:1
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [ATUninstallIcon] => "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191016 2014-05-14] (Geek Software GmbH)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Atheros Communications))
HKU\S-1-5-21-341994271-839112875-1329040048-1001\...\Run: [Google Update] => C:\Users\S\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-20] (Google Inc.)
HKU\S-1-5-21-341994271-839112875-1329040048-1001\...\Run: [Spotify] => C:\Users\S\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-25] (Spotify Ltd)
HKU\S-1-5-21-341994271-839112875-1329040048-1001\...\Run: [Spotify Web Helper] => C:\Users\S\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-25] (Spotify Ltd)
HKU\S-1-5-21-341994271-839112875-1329040048-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-341994271-839112875-1329040048-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
Startup: C:\Users\S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\S\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-341994271-839112875-1329040048-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\azgoc4i8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-341994271-839112875-1329040048-1001: @tools.google.com/Google Update;version=3 -> C:\Users\S\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-341994271-839112875-1329040048-1001: @tools.google.com/Google Update;version=9 -> C:\Users\S\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-15]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-341994271-839112875-1329040048-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-12-02]
FF Extension: No Name - C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\azgoc4i8.default\extensions\addon@infobirdpro.com [Not Found]
FF Extension: No Name - C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\azgoc4i8.default\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976} [Not Found]
FF Extension: No Name - C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\azgoc4i8.default\extensions\{8850f748-e69b-42ff-a449-7ad3cf153bcc} [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=b23b633b0000000000006c71d9512b2c
CHR Profile: C:\Users\S\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-20]
CHR Extension: (Google Drive) - C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-20]
CHR Extension: (Google Search) - C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-20]
CHR Extension: (Avira Browser Safety) - C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-17]
CHR Extension: (AdBlock) - C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-30]
CHR Extension: (Google Wallet) - C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Bungalow) - C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogkdmggpdfpodahejeckklcncacambmo [2014-09-07]
CHR Extension: (Gmail) - C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-20]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [30080 2012-10-01] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [31616 2012-10-01] (Intel Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-11-30] (VIA Technologies, Inc.)
R2 WakeupService; C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe [45488 2012-12-20] (ASUSTek Computer Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-28] (Atheros) [File not signed]
S2 McSchedulerSvc; "C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [62848 2012-11-20] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-10-01] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-10-01] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-10-01] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96576 2012-10-01] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229184 2012-10-01] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363328 2012-10-01] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wmbclass; C:\Windows\system32\DRIVERS\wmbclass.sys [268288 2013-11-01] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-27 19:07 - 2015-02-27 19:08 - 00015115 _____ () C:\Users\S\Desktop\post.txt
2015-02-27 18:07 - 2015-02-27 18:51 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-27 18:06 - 2015-02-27 18:06 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-27 18:06 - 2015-02-27 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-27 18:06 - 2015-02-27 18:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-27 18:06 - 2015-02-27 18:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-27 18:06 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-27 18:06 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-27 18:06 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-27 18:05 - 2015-02-27 18:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\S\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-27 18:01 - 2015-02-27 18:01 - 00000935 _____ () C:\Users\S\Desktop\JRT.txt
2015-02-27 17:54 - 2015-02-27 17:54 - 01388274 _____ (Thisisu) C:\Users\S\Desktop\JRT.exe
2015-02-27 17:35 - 2015-02-27 17:50 - 00000000 ____D () C:\AdwCleaner
2015-02-27 17:34 - 2015-02-27 17:34 - 02126848 _____ () C:\Users\S\Desktop\AdwCleaner_4.111.exe
2015-02-27 15:50 - 2015-02-27 15:50 - 00000000 ____D () C:\Users\S\Desktop\RevoUninstallerPortable
2015-02-27 15:49 - 2015-02-27 15:49 - 02785665 _____ (PortableApps.com) C:\Users\S\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-02-27 12:06 - 2015-02-27 12:19 - 00040468 _____ () C:\Users\S\Desktop\Addition.txt
2015-02-27 12:02 - 2015-02-27 19:11 - 00024887 _____ () C:\Users\S\Desktop\FRST.txt
2015-02-27 12:02 - 2015-02-27 19:11 - 00000000 ____D () C:\FRST
2015-02-27 11:59 - 2015-02-27 12:00 - 00000464 _____ () C:\Users\S\Desktop\defogger_disable.log
2015-02-27 11:59 - 2015-02-27 11:59 - 00000000 _____ () C:\Users\S\defogger_reenable
2015-02-27 11:44 - 2015-02-27 11:44 - 02087936 _____ (Farbar) C:\Users\S\Desktop\FRST64.exe
2015-02-27 11:38 - 2015-02-27 11:38 - 00050477 _____ () C:\Users\S\Desktop\Defogger.exe
2015-02-23 19:16 - 2015-02-23 19:16 - 00000000 ____D () C:\Users\s*****\Documents\Benutzerdefinierte Office-Vorlagen
2015-02-23 18:30 - 2015-02-23 18:30 - 00017608 _____ () C:\Users\s*****\Downloads\Syntax_ManO.sps
2015-02-23 18:15 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-23 18:15 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-02-23 18:12 - 2015-02-23 20:48 - 00008104 _____ () C:\Users\S\Desktop\Medienpsycho Ausarbeitung.odt
2015-02-19 10:04 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-19 10:04 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-19 09:46 - 2015-02-19 09:46 - 00284904 _____ () C:\WINDOWS\Minidump\021915-33250-01.dmp
2015-02-18 21:30 - 2015-02-18 21:30 - 00285336 _____ () C:\WINDOWS\Minidump\021815-26500-01.dmp
2015-02-18 11:52 - 2015-02-18 11:53 - 00060367 _____ () C:\Users\s*****\Downloads\Datensatz_nachRematching.sav
2015-02-18 11:47 - 2015-02-18 11:47 - 00000000 ____D () C:\ProgramData\SPSS
2015-02-18 11:47 - 2015-02-18 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics
2015-02-18 11:39 - 2015-02-18 11:39 - 00000000 ____D () C:\Users\s*****\Desktop\SPSS22_win64
2015-02-18 10:00 - 2015-02-18 11:36 - 750933118 _____ (ALTAP) C:\Users\s*****\Downloads\SPSS22_win64 (1).exe
2015-02-18 09:55 - 2015-02-18 11:50 - 00000000 ____D () C:\Users\s*****\AppData\Local\HTC MediaHub
2015-02-18 09:55 - 2015-02-18 09:55 - 00000000 ____D () C:\Users\s*****\Documents\HTC
2015-02-18 09:55 - 2015-02-18 09:55 - 00000000 ____D () C:\Users\s*****\AppData\Local\Apple Computer
2015-02-18 09:55 - 2015-02-18 09:55 - 00000000 ____D () C:\Users\s*****\.android
2015-02-18 09:39 - 2015-02-23 17:13 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CE0DA6A6-CE27-4CB0-A029-F2BBB1032090}
2015-02-18 09:39 - 2015-02-18 09:39 - 00000000 __SHD () C:\Users\s*****\AppData\Local\EmieUserList
2015-02-18 09:39 - 2015-02-18 09:39 - 00000000 __SHD () C:\Users\s*****\AppData\Local\EmieSiteList
2015-02-18 09:39 - 2015-02-18 09:39 - 00000000 __SHD () C:\Users\s*****\AppData\Local\EmieBrowserModeList
2015-02-18 09:33 - 2015-02-18 09:33 - 00001452 _____ () C:\Users\s*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-18 09:33 - 2015-02-18 09:33 - 00000020 ___SH () C:\Users\s*****\ntuser.ini
2015-02-16 15:33 - 2015-02-16 15:33 - 25038894 _____ () C:\Users\S\Downloads\Clip 6 (1).mp4
2015-02-15 18:12 - 2015-02-15 18:12 - 15093266 _____ () C:\Users\S\Desktop\Clip 15.mp4
2015-02-14 17:09 - 2015-02-14 17:10 - 00284904 _____ () C:\WINDOWS\Minidump\021415-32578-01.dmp
2015-02-12 22:27 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-12 22:27 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-12 22:27 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-12 22:27 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-12 22:27 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-12 22:27 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-12 22:27 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-12 22:27 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-12 22:27 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-12 22:27 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-12 13:57 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-12 13:57 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-12 13:57 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-12 13:57 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-12 13:57 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-12 13:57 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-12 13:57 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-12 13:57 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-12 13:57 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-12 13:57 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-12 13:57 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-12 13:57 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-12 13:57 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-12 13:57 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-12 13:57 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-12 13:57 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-12 13:57 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-12 13:57 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-12 13:57 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-12 13:57 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-12 13:57 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-12 13:57 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-12 13:57 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-12 13:57 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-12 13:57 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-12 13:57 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-12 13:57 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-12 13:57 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-12 13:57 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-12 13:57 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-12 13:57 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-12 13:57 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-12 13:57 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-12 13:57 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-12 13:55 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-12 13:55 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-12 13:55 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-12 13:55 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-12 13:55 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-12 13:55 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-12 13:55 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-12 13:55 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-12 13:55 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-12 13:55 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-12 13:55 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-12 13:55 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-12 13:55 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-12 13:55 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-12 13:55 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-12 13:55 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-12 13:55 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-12 13:55 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-12 13:55 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-12 13:55 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-12 13:55 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-12 13:55 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-12 13:51 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-12 13:51 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-12 13:49 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-12 13:49 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-12 13:46 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 20:56 - 2015-02-11 20:57 - 00284904 _____ () C:\WINDOWS\Minidump\021115-31281-01.dmp
2015-02-09 17:46 - 2015-02-09 17:46 - 00284848 _____ () C:\WINDOWS\Minidump\020915-31359-01.dmp
2015-02-09 10:27 - 2015-02-09 10:27 - 00000000 ____D () C:\Users\S\Desktop\Niklas Bewerbungen
2015-02-09 10:21 - 2015-02-09 10:25 - 00000000 ____D () C:\Users\S\Documents\Psycho_Semester5
2015-02-09 10:18 - 2015-02-25 22:40 - 00000000 ____D () C:\Users\S\Documents\PR_Semester5
2015-02-09 10:16 - 2015-02-09 10:25 - 00000000 ____D () C:\Users\S\Documents\Rechnungen Sitibi
2015-02-06 22:50 - 2015-02-09 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-02 20:43 - 2015-02-02 20:44 - 00284904 _____ () C:\WINDOWS\Minidump\020215-31000-01.dmp
2015-02-01 21:44 - 2015-02-01 21:44 - 00008081 _____ () C:\Users\S\Desktop\AIESEC.odt
2015-02-01 17:17 - 2015-02-01 17:17 - 00284904 _____ () C:\WINDOWS\Minidump\020115-22312-01.dmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-27 19:12 - 2014-12-22 22:03 - 00005134 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for *****-LAPTOP-S *****-Laptop
2015-02-27 19:03 - 2014-03-25 23:32 - 01101667 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-27 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-27 18:52 - 2014-02-12 12:35 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-02-27 18:52 - 2014-01-10 13:22 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-02-27 18:51 - 2014-04-16 20:48 - 00000000 ____D () C:\Users\S\AppData\Local\HTC MediaHub
2015-02-27 18:51 - 2014-03-25 23:37 - 00000000 __RDO () C:\Users\S\SkyDrive
2015-02-27 18:51 - 2013-07-18 20:06 - 00000062 _____ () C:\Users\S\AppData\Roaming\sp_data.sys
2015-02-27 18:50 - 2013-11-13 23:18 - 00011782 _____ () C:\WINDOWS\PFRO.log
2015-02-27 18:50 - 2013-08-22 15:46 - 00348565 _____ () C:\WINDOWS\setupact.log
2015-02-27 18:50 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-27 18:50 - 2013-08-22 14:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-27 18:46 - 2013-10-17 13:29 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-27 18:37 - 2013-07-20 12:06 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-341994271-839112875-1329040048-1001UA.job
2015-02-27 18:13 - 2013-07-18 20:15 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-341994271-839112875-1329040048-1001
2015-02-27 17:47 - 2014-04-27 14:05 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{22B5884A-5D41-46C6-9293-0BECDB0591B2}
2015-02-27 17:42 - 2014-03-25 22:35 - 00000000 ____D () C:\Users\S
2015-02-27 16:06 - 2013-07-30 20:57 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-27 15:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-27 15:48 - 2013-08-15 18:44 - 00000000 ____D () C:\Users\S\AppData\Local\Adobe
2015-02-27 13:37 - 2013-10-09 11:45 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-341994271-839112875-1329040048-1001Core1cec4dca7115bb0.job
2015-02-26 22:12 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-26 21:09 - 2013-11-14 08:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-26 21:09 - 2013-11-14 08:11 - 00773008 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-26 21:09 - 2013-11-14 08:11 - 00162310 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-26 21:05 - 2013-07-18 20:05 - 00000000 ____D () C:\Users\S\AppData\Local\Packages
2015-02-26 15:03 - 2013-07-18 20:08 - 00000000 ____D () C:\Users\S\Documents\Bluetooth Folder
2015-02-25 19:01 - 2014-03-17 11:52 - 00000062 _____ () C:\Users\s*****\AppData\Roaming\sp_data.sys
2015-02-23 20:27 - 2014-12-22 20:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-23 19:14 - 2014-03-17 11:52 - 00000000 ____D () C:\Users\s*****\AppData\Local\Packages
2015-02-23 18:25 - 2014-03-17 14:03 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-341994271-839112875-1329040048-1002
2015-02-23 17:22 - 2014-03-25 22:35 - 00000000 ____D () C:\Users\s*****
2015-02-20 16:40 - 2014-04-29 20:50 - 00003096 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-341994271-839112875-1329040048-1001
2015-02-19 12:39 - 2013-08-14 18:22 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-19 12:31 - 2014-12-17 20:43 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-19 12:31 - 2014-07-16 07:41 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-19 12:31 - 2013-07-27 10:15 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-19 09:46 - 2014-04-21 15:16 - 498536369 _____ () C:\WINDOWS\MEMORY.DMP
2015-02-19 09:46 - 2014-04-21 15:16 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-18 22:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-18 12:14 - 2014-03-18 12:07 - 00000000 ____D () C:\Users\s*****\AppData\Local\Thunderbird
2015-02-18 11:45 - 2013-10-30 19:15 - 00000219 _____ () C:\WINDOWS\SysWOW64\lsprst7.tgz
2015-02-18 11:45 - 2013-10-30 19:15 - 00000205 _____ () C:\WINDOWS\SysWOW64\lsprst7.dll
2015-02-18 11:45 - 2013-10-30 19:15 - 00000017 ____H () C:\WINDOWS\SysWOW64\servdat.slm
2015-02-18 09:55 - 2014-03-17 12:02 - 00000000 ____D () C:\Users\s*****\AppData\Roaming\Apple Computer
2015-02-18 09:55 - 2013-08-22 15:44 - 05168608 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-18 09:39 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-18 09:34 - 2014-03-25 23:36 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-02-12 13:58 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-09 17:54 - 2014-05-16 13:21 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-09 17:54 - 2013-07-20 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-09 17:54 - 2013-07-20 12:43 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-09 17:45 - 2013-07-21 13:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-09 11:15 - 2015-01-20 17:00 - 00000000 ____D () C:\Users\S\Desktop\Auslansbafög
2015-02-09 10:28 - 2014-07-27 10:27 - 00000000 ____D () C:\Users\S\Documents\SelfMV
2015-02-09 10:28 - 2014-06-02 15:28 - 00000000 ____D () C:\Users\S\Desktop\***** Bewerbung Vorlagen
2015-02-09 10:26 - 2013-10-24 13:30 - 00000000 ____D () C:\Users\S\Documents\ABC Presselunch August 2013
2015-02-09 10:25 - 2014-06-02 15:28 - 00000000 ____D () C:\Users\S\Documents\Neuer Ordner
2015-02-09 10:20 - 2014-05-02 12:32 - 00000000 ____D () C:\Users\S\Documents\BE II und III
2015-02-09 10:18 - 2014-03-28 08:23 - 00000000 ____D () C:\Users\S\Documents\WJ
2015-02-09 10:13 - 2013-07-21 13:34 - 00000000 ____D () C:\Users\S\AppData\Local\Thunderbird
2015-02-08 13:32 - 2013-12-12 13:11 - 00003688 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-341994271-839112875-1329040048-1001Core1cec4dca7115bb0
2015-02-08 13:32 - 2013-07-20 12:06 - 00004068 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-341994271-839112875-1329040048-1001UA
2015-02-06 09:43 - 2013-10-17 13:29 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 20:31 - 2014-12-17 20:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-12-17 20:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2013-07-18 20:06 - 2015-02-27 18:51 - 0000062 _____ () C:\Users\S\AppData\Roaming\sp_data.sys
2013-07-29 19:31 - 2014-10-22 11:28 - 0000123 _____ () C:\Users\S\AppData\Roaming\WB.CFG
2013-12-31 14:40 - 2014-01-02 14:38 - 0000005 _____ () C:\Users\S\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-07-20 13:31 - 2014-01-30 12:31 - 0000005 _____ () C:\Users\S\AppData\Roaming\WBPU-TTL.DAT
2014-06-28 14:21 - 2014-06-28 14:21 - 0003584 _____ () C:\Users\S\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-19 18:31 - 2013-08-19 18:31 - 0000017 _____ () C:\Users\S\AppData\Local\resmon.resmoncfg
2012-11-27 05:08 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-27 05:08 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-27 05:08 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
Some content of TEMP:
====================
C:\Users\S\AppData\Local\Temp\avgnt.exe
C:\Users\S\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd7vtcr.dll
C:\Users\S\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpibnq2e.dll
C:\Users\S\AppData\Local\Temp\Quarantine.exe
C:\Users\S\AppData\Local\Temp\sqlite3.dll
C:\Users\s*****\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-27 18:13
==================== End Of Log ============================
--- --- ---
--- --- ---
Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by S at 2015-02-27 19:13:42
Running from C:\Users\S\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.26 - ASUS)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.2 - Adobe Systems, Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.9.145.62246 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.9.145.62246 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.5 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS S Series Product Demo (HKLM-x32\...\{387AA3E2-B9FE-4DA1-A097-A0D2213E8794}) (Version: 1.0.0 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.0 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0002 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0026 - ASUS)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.00495 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.00495 - Cisco Systems, Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-341994271-839112875-1329040048-1001\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.33.424 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.33.424 - DVDVideoSoft Ltd.)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKU\S-1-5-21-341994271-839112875-1329040048-1001\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.0.52.0 - HTC)
IBM SPSS Statistics 22 (HKLM\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.6.1082 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Kaminfeuer Comprehensive Edition Free (HKLM-x32\...\ST5UNST #1) (Version: - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-341994271-839112875-1329040048-1001\...\OneDriveSetup.exe) (Version: 17.3.4713.0209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 25.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 25.0 (x86 de)) (Version: 25.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
MyFreeCodec (HKU\S-1-5-21-341994271-839112875-1329040048-1001\...\MyFreeCodec) (Version: - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.3945 - Systweak Software)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKU\S-1-5-21-341994271-839112875-1329040048-1001\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-341994271-839112875-1329040048-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\S\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-341994271-839112875-1329040048-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\S\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-341994271-839112875-1329040048-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\S\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-341994271-839112875-1329040048-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\S\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-341994271-839112875-1329040048-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\S\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-341994271-839112875-1329040048-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\S\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-341994271-839112875-1329040048-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\S\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-341994271-839112875-1329040048-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\S\AppData\Local\Microsoft\OneDrive\17.3.4713.0209\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-341994271-839112875-1329040048-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-341994271-839112875-1329040048-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-341994271-839112875-1329040048-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-341994271-839112875-1329040048-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-341994271-839112875-1329040048-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-341994271-839112875-1329040048-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-341994271-839112875-1329040048-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-341994271-839112875-1329040048-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-341994271-839112875-1329040048-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\S\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
23-02-2015 18:13:29 Windows Update
27-02-2015 15:53:01 Revo Uninstaller's restore point - DMUninstaller
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05F9A178-CA93-4927-8456-5D8C59ACB194} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-341994271-839112875-1329040048-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {0900E1CB-AEFA-4B6D-9D0A-821A9999B89A} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-15] (ASUSTeK Computer Inc.)
Task: {0988628B-0EDD-4EE7-A33A-45A5F44AF274} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-19] (Microsoft Corporation)
Task: {29968AB1-831F-4D47-8087-8D580315B0C2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {2BBBA6A7-78CB-457E-849D-2629F989D2B5} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {3467A4C9-8A6D-453B-95A0-8355952841C1} - System32\Tasks\ASUS VivoBook => C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe [2012-12-25] (ASUSTeK Computer Inc.)
Task: {415181A5-86B2-4F36-851D-BE50BFE2700F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-341994271-839112875-1329040048-1001Core => C:\Users\S\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-20] (Google Inc.)
Task: {4EBE2273-AA0C-4649-8420-9FA8094196FB} - System32\Tasks\ASUS Patch for VIA Audio => C:\Windows\system32\AsPatchViaAudio.exe [2012-11-07] (ASUSTek Computer INC.)
Task: {4F4847AE-1E32-48DB-9540-476526FC0110} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-29] ()
Task: {5357961E-18D1-42BB-9A4D-56B0A4318AD8} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-15] (ASUSTeK Computer Inc.)
Task: {5A9CE836-E25B-4977-9DBB-1066A57E7725} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-29] (ASUS)
Task: {60CE8CA3-FFA7-434F-9FA9-DE76A736BC9A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-06] (Microsoft Corporation)
Task: {613B679A-ADDA-4180-AD45-0776EB40574E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-06] (Microsoft Corporation)
Task: {6B698859-C465-43C1-918A-4E2D1509CB41} - System32\Tasks\{23CE1126-09A9-4D25-B399-D7B33717AE23} => pcalua.exe -a C:\Users\S\Downloads\22001905.exe -d C:\Users\S\Downloads
Task: {728297BF-D589-427B-BBE2-5E7D21C9FB14} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {8A0C6533-1CF2-408F-B0BA-53B2021F15E3} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-*****.*****@arcor.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {92BEA5FC-E768-48D4-8722-6821B0416896} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-01-14] (Microsoft Corporation)
Task: {92D1C1DF-4089-402E-863E-8FCB47E47BAF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9C0F9CDA-4F3F-43C2-9A9D-E9EFA9EC6EFE} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-15] (ASUSTeK Computer Inc.)
Task: {A25E5C3E-4447-4456-972B-5A6118AB5643} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {AA43C85E-F90D-4AB4-B8EA-402B0650B152} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-341994271-839112875-1329040048-1001UA => C:\Users\S\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-20] (Google Inc.)
Task: {AE83C723-9651-4753-BD5F-85B28C37A00A} - System32\Tasks\Microsoft\Windows\WCM\Provisioning\Purge.S-1-5-21-341994271-839112875-1329040048-1001
Task: {C2321246-0909-46B1-9873-72C4873597C2} - System32\Tasks\Microsoft Office 15 Sync Maintenance for *****-LAPTOP-S *****-Laptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-01-06] (Microsoft Corporation)
Task: {C77B8B10-50C6-43B5-AF21-63D2A5254260} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-341994271-839112875-1329040048-1001Core1cec4dca7115bb0 => C:\Users\S\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-20] (Google Inc.)
Task: {CAC0DDEF-1986-4BF2-9C09-27EAD59901DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {CB4F55D8-0D4E-4DA5-B353-231E70E8D5DB} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-341994271-839112875-1329040048-1001Core1cec4dca7115bb0.job => C:\Users\S\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-341994271-839112875-1329040048-1001UA.job => C:\Users\S\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-12-23 12:52 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-03-20 10:24 - 2014-03-20 10:24 - 00667808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-03-24 10:32 - 2014-03-24 10:32 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2012-11-29 18:15 - 2012-11-29 18:15 - 00171224 _____ () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-08-22 08:19 - 2013-08-22 07:54 - 00049664 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Graphics.winmd
2013-08-22 08:19 - 2013-08-22 07:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd
2013-01-15 10:06 - 2012-11-02 08:19 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2012-12-28 13:07 - 2012-12-28 13:07 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 13:04 - 2012-12-28 13:04 - 00084480 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-28 13:09 - 2012-12-28 13:09 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2012-08-03 20:53 - 2012-08-03 20:53 - 00062968 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-24 10:31 - 2014-03-24 10:31 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-03-24 10:32 - 2014-03-24 10:32 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-03-24 10:32 - 2014-03-24 10:32 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-03-24 10:32 - 2014-03-24 10:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-03-24 10:32 - 2014-03-24 10:32 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-03-24 10:34 - 2014-03-24 10:34 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-03-24 10:36 - 2014-03-24 10:36 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
2014-12-23 12:57 - 2014-12-23 13:01 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2013-03-13 01:58 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\S\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-341994271-839112875-1329040048-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\S\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "VIAAUD"
HKLM\...\StartupApproved\Run: => "HDAudDeck"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "sysTPL"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-341994271-839112875-1329040048-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-341994271-839112875-1329040048-1001\...\StartupApproved\Run: => "Driver Pro"
HKU\S-1-5-21-341994271-839112875-1329040048-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-341994271-839112875-1329040048-1001\...\StartupApproved\Run: => "Spotify Web Helper"
==================== Accounts: =============================
Administrator (S-1-5-21-341994271-839112875-1329040048-500 - Administrator - Disabled)
Gast (S-1-5-21-341994271-839112875-1329040048-501 - Limited - Disabled)
S (S-1-5-21-341994271-839112875-1329040048-1001 - Administrator - Enabled) => C:\Users\S
s***** (S-1-5-21-341994271-839112875-1329040048-1002 - Limited - Enabled) => C:\Users\s*****
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/27/2015 06:50:51 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (02/27/2015 06:47:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LiveUpdate.exe, Version: 3.2.5.0, Zeitstempel: 0x520c29b7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00042f0e
ID des fehlerhaften Prozesses: 0x1534
Startzeit der fehlerhaften Anwendung: 0xLiveUpdate.exe0
Pfad der fehlerhaften Anwendung: LiveUpdate.exe1
Pfad des fehlerhaften Moduls: LiveUpdate.exe2
Berichtskennung: LiveUpdate.exe3
Vollständiger Name des fehlerhaften Pakets: LiveUpdate.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LiveUpdate.exe5
Error: (02/27/2015 06:47:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: LiveUpdate.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 10008CE4
System errors:
=============
Error: (02/27/2015 06:51:43 PM) (Source: DCOM) (EventID: 10016) (User: *****-LAPTOP)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}*****-LaptopSS-1-5-21-341994271-839112875-1329040048-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/27/2015 06:51:43 PM) (Source: DCOM) (EventID: 10016) (User: *****-LAPTOP)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}*****-LaptopSS-1-5-21-341994271-839112875-1329040048-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/27/2015 06:51:43 PM) (Source: DCOM) (EventID: 10016) (User: *****-LAPTOP)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}*****-LaptopSS-1-5-21-341994271-839112875-1329040048-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/27/2015 06:51:43 PM) (Source: DCOM) (EventID: 10016) (User: *****-LAPTOP)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}*****-LaptopSS-1-5-21-341994271-839112875-1329040048-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/27/2015 06:51:43 PM) (Source: DCOM) (EventID: 10016) (User: *****-LAPTOP)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}*****-LaptopSS-1-5-21-341994271-839112875-1329040048-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/27/2015 06:51:43 PM) (Source: DCOM) (EventID: 10016) (User: *****-LAPTOP)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}*****-LaptopSS-1-5-21-341994271-839112875-1329040048-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/27/2015 06:51:42 PM) (Source: DCOM) (EventID: 10016) (User: *****-LAPTOP)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}*****-LaptopSS-1-5-21-341994271-839112875-1329040048-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/27/2015 06:51:41 PM) (Source: DCOM) (EventID: 10016) (User: *****-LAPTOP)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}*****-LaptopSS-1-5-21-341994271-839112875-1329040048-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/27/2015 06:50:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee PC Task Scheduler Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
Error: (02/27/2015 06:50:51 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (02/27/2015 06:47:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LiveUpdate.exe3.2.5.0520c29b7ntdll.dll6.3.9600.1763054b0d74fc000000500042f0e153401d052ace5e3ec76C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exeC:\WINDOWS\SYSTEM32\ntdll.dllb49eb551-bea8-11e4-bee5-6c71d9512b2c
Error: (02/27/2015 06:47:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: LiveUpdate.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 10008CE4
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 62%
Total physical RAM: 3981.7 MB
Available physical RAM: 1491.88 MB
Total Pagefile: 8077.7 MB
Available Pagefile: 4838.68 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:74.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.15 GB) (Free:258.01 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 04A53D1B)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 640ECA63)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
Hinweis: 
FRST 32-Bit | FRST 64-Bit
Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
AdwCleaner auf deinen Desktop.
Malwarebytes Anti-Malware 
SecurityCheck und:
dann auf 
und dann auf 
. 