Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Related search site und Spyhunter (https://www.trojaner-board.de/164507-related-search-site-spyhunter.html)

Firstclasshu 26.02.2015 22:27
Related search site und Spyhunter
 
Liebes forum,

Ich bitte um hilfe. Ich habe den trojaner, der mir die "related search sites" anzeigt im mozilla firefox. Nervt. Dummerweise wollte ich ihn mit spyhunter-download bekämpfen, keine super idee.
Hat jemand einen plan, wie ich beide dinge loswerden kann? Ich bin für jede hilfe dankbar.
Ich habe nur das gefühl, ich kann manche downloads oder online scans gar nicht mehr machen, weil sich der virus drüberlegt.
Wie gesagt, ich bin für jeden rat dankbar.
Ach ja, und wie ich mich vor diesem ding in zukunft schützen kann. Ich war auf keiner zwielichtigen seite, bin etwas verwundert, wieso ich den habe...
DANKE!
Alles gute weiterhin an alle,

Hans

Bootsektor 26.02.2015 22:35
:hallo:

Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
  • Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
  • Poste die Logfiles direkt in deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Posten in Code Tags
Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke.
Dazu:
  • Klicke über dem Antwortfenster auf die Raute #, dann steht dort in eckigen Klammern [] CODE /CODE.
  • Zwischen den beiden code-Bausteinen fügst Du dann deine Logfiles ein. Also CODE Logfile /CODE
  • Wenn die Logs zu lang sein sollten, dann teile sie bitte auf und poste sie dann hier in Deinem Thread, notfalls in mehreren Antworten.

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Firstclasshu 26.02.2015 23:26
Danke
 
Hi Sandra,

vielen Dank erst einmal für die Hilfe. Das mit dem #Symbol habe ich nicht ganz geschnallt, aber vielleicht reicht es ja so.

Die FRST.txt-Liste ist hier:
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Mr.Mr. (administrator) on Mr. on 26-02-2015 23:07:38
Running from C:\Users\Mr.Mr.\AppData\Local\Microsoft\Windows\INetCache\IE\91PRR2FO
Loaded Profiles: Mr.Mr. (Available profiles: Mr.Mr.)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe
() C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dropbox, Inc.) C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Wondershare) C:\Program Files\Wondershare\Video Converter Ultimate\MediaLibServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\EpmNews.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Side Sync\SideSync.exe
() C:\Program Files (x86)\Samsung\Side Sync\adb.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(SEC) C:\Program Files\Samsung\Recovery\WCScheduler.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_SRSSA] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2875216 2013-01-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-07] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313656 2013-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1960336 2014-11-21] ()
HKLM-x32\...\Run: [Wondershare Media Server] => C:\Program Files\Wondershare\Video Converter Ultimate\MediaLibServer.exe [215440 2014-11-21] (Wondershare)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\EpmNews.exe [2086568 2014-03-06] (CHENGDU YIWO Tech Development Co., Ltd)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3609599866-1042440751-642132480-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3609599866-1042440751-642132480-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Mr.Mr.\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {CF16A846-3240-485D-BA85-ED4B88EF6F5B} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {CF16A846-3240-485D-BA85-ED4B88EF6F5B} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3609599866-1042440751-642132480-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3609599866-1042440751-642132480-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKU\S-1-5-21-3609599866-1042440751-642132480-1001 -> DefaultScope {671FF2B8-43AB-44F6-B47A-BE187B60183A} URL =
SearchScopes: HKU\S-1-5-21-3609599866-1042440751-642132480-1001 -> {671FF2B8-43AB-44F6-B47A-BE187B60183A} URL =
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Positive Finds -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> C:\Program Files (x86)\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll ()
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Mr.Mr.\AppData\Roaming\Mozilla\Firefox\Profiles\vl5mxxma.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Mr.Mr.\AppData\Roaming\Mozilla\Firefox\Profiles\vl5mxxma.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchAxPlugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll ()
FF Extension: Avira Browser Safety - C:\Users\Mr.Mr.\AppData\Roaming\Mozilla\Firefox\Profiles\vl5mxxma.default\Extensions\abs@avira.com [2015-02-11]
FF Extension: Positive Finds - C:\Users\Mr.Mr.\AppData\Roaming\Mozilla\Firefox\Profiles\vl5mxxma.default\Extensions\{7084813e-70d5-4251-9d2b-03bda4f44792}.xpi [2015-02-11]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2014-11-25]
FF HKU\S-1-5-21-3609599866-1042440751-642132480-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1594416 2013-02-28] (Samsung Electronics CO., LTD.)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB Card Reader\RIconMan.exe [2466448 2012-09-13] (Realsil Microelectronics Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [55720 2012-12-21] (Condusiv Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 Service Mgr PositiveFinds; C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe [581368 2015-02-26] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-02-24] (Enigma Software Group USA, LLC.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
R2 Update Mgr PositiveFinds; C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe [388856 2015-02-26] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-02-24] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-24] ()
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [20336 2013-01-02] (ELAN Microelectronic Corp.)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [29096 2012-12-21] (Condusiv Technologies)
R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [104872 2012-12-21] (Condusiv Technologies)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-08-24] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 23:07 - 2015-02-26 23:07 - 00000000 ____D () C:\FRST
2015-02-24 21:03 - 2015-02-26 23:08 - 00000000 ____D () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-02-24 20:15 - 2015-02-24 20:15 - 00003360 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-02-24 20:15 - 2015-02-24 20:15 - 00001103 _____ () C:\Users\Mr.Mr.\Desktop\SpyHunter.lnk
2015-02-24 20:15 - 2015-02-24 20:15 - 00000000 ____D () C:\Users\Mr.Mr.\AppData\Roaming\Enigma Software Group
2015-02-24 20:15 - 2015-02-24 20:15 - 00000000 ____D () C:\sh4ldr
2015-02-24 20:15 - 2015-02-24 20:15 - 00000000 _____ () C:\autoexec.bat
2015-02-24 20:14 - 2015-02-24 20:14 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-02-24 20:14 - 2015-02-24 20:14 - 00016026 _____ () C:\Users\Mr.Mr.\Desktop\results.xml
2015-02-24 20:14 - 2015-02-24 20:14 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-24 20:01 - 2015-02-24 20:01 - 00000000 __SHD () C:\Users\Mr.Mr.\AppData\Local\EmieBrowserModeList
2015-02-24 19:58 - 2015-02-24 19:58 - 00061191 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201502241958408242.log
2015-02-24 19:58 - 2015-02-24 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-02-24 19:58 - 2015-02-24 19:58 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-02-24 19:56 - 2015-02-24 19:56 - 00000728 _____ () C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk
2015-02-24 19:56 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-24 19:56 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-24 19:56 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-24 19:56 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-24 19:56 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-24 19:56 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-24 19:56 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-24 19:56 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-24 19:56 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-24 19:56 - 2013-08-30 20:14 - 00156712 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2015-02-24 19:56 - 2013-08-30 20:14 - 00141256 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2015-02-24 19:56 - 2013-08-30 20:14 - 00114488 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2015-02-24 19:56 - 2013-08-30 20:14 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-02-24 19:56 - 2013-08-30 20:14 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-02-24 19:56 - 2013-08-30 20:14 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-02-24 19:56 - 2013-08-30 20:14 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-02-24 19:56 - 2013-08-30 20:13 - 07256496 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2015-02-24 19:56 - 2013-08-30 20:13 - 06767240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2015-02-24 19:56 - 2013-08-30 20:13 - 06176008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-02-24 19:56 - 2013-08-30 20:11 - 12528640 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-02-24 19:56 - 2013-08-30 20:05 - 00781312 _____ () C:\WINDOWS\system32\amdmiracast.dll
2015-02-24 19:56 - 2013-08-30 19:48 - 00229376 _____ () C:\WINDOWS\system32\clinfo.exe
2015-02-24 19:56 - 2013-08-30 19:48 - 00127488 _____ (AMD) C:\WINDOWS\system32\coinst_13.152.dll
2015-02-24 19:56 - 2013-08-30 19:47 - 28192256 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-02-24 19:56 - 2013-08-30 19:47 - 00098816 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\OpenVideo64.dll
2015-02-24 19:56 - 2013-08-30 19:47 - 00086528 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\OVDecode64.dll
2015-02-24 19:56 - 2013-08-30 19:47 - 00083456 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\OpenVideo.dll
2015-02-24 19:56 - 2013-08-30 19:47 - 00073216 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\OVDecode.dll
2015-02-24 19:56 - 2013-08-30 19:45 - 23760896 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-02-24 19:56 - 2013-08-30 19:43 - 00063488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-02-24 19:56 - 2013-08-30 19:43 - 00057344 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-02-24 19:56 - 2013-08-30 19:35 - 25387520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-02-24 19:56 - 2013-08-30 19:18 - 00530824 _____ () C:\WINDOWS\SysWOW64\atiapfxx.blb
2015-02-24 19:56 - 2013-08-30 19:18 - 00530824 _____ () C:\WINDOWS\system32\atiapfxx.blb
2015-02-24 19:56 - 2013-08-30 19:18 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-02-24 19:56 - 2013-08-30 19:18 - 00062464 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-02-24 19:56 - 2013-08-30 19:18 - 00055808 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-02-24 19:56 - 2013-08-30 19:18 - 00052224 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-02-24 19:56 - 2013-08-30 19:18 - 00049152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-02-24 19:56 - 2013-08-30 19:17 - 15716352 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-02-24 19:56 - 2013-08-30 19:14 - 21400064 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-02-24 19:56 - 2013-08-30 19:14 - 14302208 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-02-24 19:56 - 2013-08-30 19:04 - 03388672 _____ () C:\WINDOWS\system32\atiumd6a.cap
2015-02-24 19:56 - 2013-08-30 18:59 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-02-24 19:56 - 2013-08-30 18:58 - 00571904 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-02-24 19:56 - 2013-08-30 18:58 - 00026112 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-02-24 19:56 - 2013-08-30 18:57 - 00239616 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-02-24 19:56 - 2013-08-30 18:56 - 00190976 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-02-24 19:56 - 2013-08-30 18:50 - 03422720 _____ () C:\WINDOWS\SysWOW64\atiumdva.cap
2015-02-24 19:56 - 2013-08-30 18:37 - 00096256 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2015-02-24 19:56 - 2013-08-30 18:37 - 00090624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2015-02-24 19:56 - 2013-08-30 18:37 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2015-02-24 19:56 - 2013-08-30 18:37 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2015-02-24 19:56 - 2013-08-30 18:35 - 00134656 _____ () C:\WINDOWS\system32\amdhdl64.dll
2015-02-24 19:56 - 2013-08-30 18:34 - 00123392 _____ () C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-02-24 19:56 - 2013-08-30 18:33 - 00784384 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-02-24 19:56 - 2013-08-30 18:33 - 00594944 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-02-24 19:56 - 2013-08-30 18:33 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-02-24 19:56 - 2013-08-30 18:33 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-02-24 19:56 - 2013-08-30 18:32 - 00618496 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2015-02-24 19:56 - 2013-08-30 18:32 - 00100352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-02-24 19:56 - 2013-08-30 18:32 - 00096768 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-02-24 19:56 - 2013-08-30 18:32 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-02-24 19:56 - 2013-08-30 18:32 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-02-24 19:56 - 2013-08-27 15:06 - 00233652 _____ () C:\WINDOWS\system32\ativvaxy_cik.dat
2015-02-24 19:56 - 2013-08-27 13:27 - 00082336 _____ () C:\WINDOWS\system32\ativce02.dat
2015-02-24 19:56 - 2013-08-07 13:22 - 00716208 _____ () C:\WINDOWS\system32\atiicdxx.dat
2015-02-24 19:56 - 2013-08-07 11:12 - 00231984 _____ () C:\WINDOWS\system32\ativvaxy_cik_nd.dat
2015-02-24 19:56 - 2013-05-04 15:22 - 00047164 _____ () C:\WINDOWS\atiogl.xml
2015-02-24 19:54 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-24 19:54 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-24 19:54 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-24 19:54 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-24 19:54 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-24 19:54 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-24 19:54 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-24 19:54 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-24 19:54 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-24 19:54 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-24 19:54 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-24 19:54 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-24 19:54 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-24 19:54 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-24 19:54 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-24 19:53 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-24 19:53 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-24 19:53 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-24 19:53 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-24 19:53 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-24 19:53 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-24 19:53 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-24 19:53 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-24 19:53 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-24 19:53 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-24 19:53 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-24 19:53 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-24 19:53 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-24 19:53 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-24 19:53 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-24 19:53 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-24 19:53 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-24 19:53 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-24 19:53 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-24 19:53 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-24 19:53 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-24 19:53 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-24 19:53 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-24 19:53 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-24 19:53 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-24 19:53 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-24 19:53 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-24 19:53 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-24 19:53 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-24 19:53 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-24 19:53 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-24 19:53 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-24 19:53 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-24 19:53 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-24 19:53 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-24 19:53 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-24 19:53 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-24 19:53 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-24 19:53 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-24 19:47 - 2015-02-24 19:47 - 00000000 ____D () C:\Users\Mr.Mr.\Desktop\Documents\Wondershare Video Converter Ultimate
2015-02-24 19:47 - 2015-02-24 19:47 - 00000000 ____D () C:\Users\Mr.Mr.\Desktop\Documents\CyberLink
2015-02-24 19:47 - 2015-02-24 19:47 - 00000000 ____D () C:\Users\Mr.Mr.\Desktop\Documents\05 Arbeit
2015-02-24 19:47 - 2015-02-24 19:47 - 00000000 ____D () C:\Users\Mr.Mr.\Desktop\Documents\03 Haus (Stand 060113)
2015-02-24 19:47 - 2015-02-24 19:47 - 00000000 ____D () C:\Users\Mr.Mr.\Desktop\Documents\02 Konstantin
2015-02-24 19:47 - 2015-02-24 19:47 - 00000000 ____D () C:\Users\Mr.Mr.\Desktop\Documents\01 Raphael
2015-02-24 19:47 - 2014-12-23 21:14 - 00000000 _____ () C:\Users\Mr.Mr.\Desktop\Documents\HPLJM127_128_Fax_Port
2015-02-24 19:46 - 2015-02-24 19:46 - 00000000 ____D () C:\Users\Mr.Mr.\Desktop\Documents\Alt
2015-02-24 19:46 - 2015-02-24 19:46 - 00000000 ____D () C:\Users\Mr.Mr.\Desktop\Documents\15 Sonstiges
2015-02-24 19:46 - 2015-02-24 19:46 - 00000000 ____D () C:\Users\Mr.Mr.\Desktop\Documents\14 Buch
2015-02-24 19:46 - 2015-02-24 19:46 - 00000000 ____D () C:\Users\Mr.Mr.\Desktop\Documents\13 Geldanlage
2015-02-24 19:46 - 2015-02-24 19:46 - 00000000 ____D () C:\Users\Mr.Mr.\Desktop\Documents\12 Klavier
2015-02-24 19:46 - 2015-02-24 19:46 - 00000000 ____D () C:\Users\Mr.Mr.\Desktop\Documents\11 - Versuch
2015-02-24 19:46 - 2015-02-24 19:46 - 00000000 ____D () C:\Users\Mr.Mr.\Desktop\Documents\10 Sonstiges
2015-02-11 12:03 - 2015-02-11 12:03 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 11:28 - 2015-02-11 11:28 - 00002145 _____ () C:\Users\Public\Desktop\EaseUS Todo Backup Free 8.0 .lnk
2015-02-11 11:28 - 2015-02-11 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 8.0
2015-02-11 11:28 - 2015-02-11 11:28 - 00000000 ____D () C:\Meine Backups
2015-02-11 11:28 - 2014-12-15 00:59 - 00192040 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\EuFdDisk.sys
2015-02-11 11:28 - 2014-12-15 00:59 - 00060968 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\eubakup.sys
2015-02-11 11:28 - 2014-12-15 00:59 - 00048168 _____ () C:\WINDOWS\system32\Drivers\EUBKMON.sys
2015-02-11 11:28 - 2014-12-15 00:59 - 00018472 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\eudskacs.sys
2015-02-11 11:26 - 2014-12-15 01:03 - 00024104 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\fbnative.exe
2015-02-11 11:24 - 2015-02-11 11:25 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-11 11:24 - 2015-02-11 11:25 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2015-02-11 11:24 - 2015-02-11 11:24 - 00001404 _____ () C:\Users\Public\Desktop\EaseUS Partition Master 10.1.lnk
2015-02-11 11:24 - 2015-02-11 11:24 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-11 11:24 - 2015-02-11 11:24 - 00000000 ____D () C:\Users\Mr.Mr.\AppData\Roaming\TuneUp Software
2015-02-11 11:24 - 2015-02-11 11:24 - 00000000 ____D () C:\Users\Mr.Mr.\AppData\Roaming\OpenCandy
2015-02-11 11:24 - 2015-02-11 11:24 - 00000000 ____D () C:\Users\Mr.Mr.\AppData\Local\TuneUp Software
2015-02-11 11:24 - 2015-02-11 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.1
2015-02-11 11:24 - 2015-02-11 11:24 - 00000000 ____D () C:\Program Files (x86)\Positive Finds
2015-02-11 11:24 - 2014-04-04 00:42 - 03382440 _____ () C:\WINDOWS\system32\BootMan.exe
2015-02-11 11:24 - 2014-04-04 00:25 - 02499752 _____ () C:\WINDOWS\SysWOW64\BootMan.exe
2015-02-11 11:24 - 2013-03-07 09:49 - 00100936 _____ () C:\WINDOWS\system32\setupempdrvx64.exe
2015-02-11 11:24 - 2013-03-07 09:49 - 00087112 _____ () C:\WINDOWS\SysWOW64\setupempdrv03.exe
2015-02-11 11:24 - 2013-03-07 09:49 - 00019840 _____ () C:\WINDOWS\SysWOW64\EuEpmGdi.dll
2015-02-11 11:24 - 2013-03-07 09:49 - 00017480 _____ () C:\WINDOWS\system32\epmntdrv.sys
2015-02-11 11:24 - 2013-03-07 09:49 - 00016256 _____ () C:\WINDOWS\system32\EuEpmGdi.dll
2015-02-11 11:24 - 2013-03-07 09:49 - 00013896 _____ () C:\WINDOWS\SysWOW64\epmntdrv.sys
2015-02-11 11:24 - 2013-03-07 09:49 - 00009800 _____ () C:\WINDOWS\system32\EuGdiDrv.sys
2015-02-11 11:24 - 2013-03-07 09:49 - 00009160 _____ () C:\WINDOWS\SysWOW64\EuGdiDrv.sys
2015-02-11 11:20 - 2015-02-11 11:21 - 30573888 _____ (EaseUS ) C:\Users\Mr.Mr.\Downloads\epm.exe
2015-02-11 11:17 - 2015-02-11 11:17 - 00000000 ____D () C:\Users\Mr.Mr.\AppData\Roaming\Avira
2015-02-11 11:16 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 11:16 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 11:16 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 11:16 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 11:16 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 11:16 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 11:16 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-02-11 11:16 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-02-11 11:16 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-02-11 11:16 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-02-11 11:16 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-02-11 11:16 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-02-11 11:16 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-02-11 11:16 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-02-11 11:16 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2015-02-11 11:16 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2015-02-11 11:16 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2015-02-11 11:16 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-02-11 11:16 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-02-11 11:16 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-02-11 11:16 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-02-11 11:16 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-02-11 11:16 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-02-11 11:16 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-02-11 11:16 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-02-11 11:16 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-02-11 11:16 - 2014-07-10 05:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lockscreencn.dll
2015-02-11 11:14 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-02-11 11:14 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-02-11 11:13 - 2015-02-11 11:12 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-02-11 11:11 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-02-11 11:11 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-02-11 11:11 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-02-11 11:10 - 2015-02-11 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-11 11:10 - 2015-02-11 11:11 - 00000000 ____D () C:\ProgramData\Avira
2015-02-11 11:10 - 2015-02-11 11:11 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-11 11:10 - 2015-02-11 11:10 - 00001153 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-11 11:09 - 2015-02-11 11:09 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Mr.Mr.\Downloads\avira_de_av_5843677129__ws.exe
2015-02-11 07:41 - 2015-02-11 07:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-02-11 07:41 - 2015-02-11 07:41 - 00000000 ____D () C:\Program Files\McAfee Security Scan

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 23:08 - 2014-08-30 15:46 - 00000000 ___RD () C:\Users\Mr.Mr.\Dropbox
2015-02-26 23:08 - 2014-08-23 15:05 - 00000000 ____D () C:\Users\Mr.Mr.\AppData\Roaming\Dropbox
2015-02-26 23:07 - 2013-04-19 06:51 - 00000000 ____D () C:\ProgramData\WinClon
2015-02-26 23:05 - 2014-12-14 18:36 - 02080193 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-26 23:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-26 22:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-26 22:06 - 2014-09-24 07:16 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-26 22:06 - 2014-09-24 06:43 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-26 22:06 - 2014-09-24 06:43 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-26 22:05 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-26 22:04 - 2014-12-14 18:46 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E85DE4A8-84A6-4E18-BA15-6B403F2D6CA8}
2015-02-26 22:00 - 2013-08-22 15:46 - 00307490 _____ () C:\WINDOWS\setupact.log
2015-02-26 22:00 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-24 21:04 - 2014-08-23 15:00 - 00000000 ____D () C:\Users\Mr.Mr.\AppData\Local\CrashDumps
2015-02-24 21:03 - 2014-09-23 22:06 - 00835408 _____ () C:\WINDOWS\PFRO.log
2015-02-24 21:03 - 2013-08-22 15:44 - 00416656 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-24 21:03 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-24 21:02 - 2013-04-19 06:00 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-24 20:58 - 2015-01-11 12:07 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-24 20:57 - 2014-08-23 14:21 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3609599866-1042440751-642132480-1001
2015-02-24 20:15 - 2014-12-14 18:38 - 00000000 ____D () C:\Users\Mr.Mr.
2015-02-24 19:58 - 2013-04-19 06:50 - 00000000 ____D () C:\ProgramData\AMD
2015-02-24 19:57 - 2014-12-14 18:37 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-02-24 19:56 - 2014-12-14 18:36 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-02-24 19:56 - 2013-04-19 05:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-02-24 19:49 - 2014-08-23 15:14 - 00000000 ____D () C:\Users\Mr.Mr.\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-24 19:47 - 2014-08-24 18:47 - 00000528 _____ () C:\WINDOWS\Tasks\DriverUpdate Daily Scan.job
2015-02-11 12:03 - 2014-09-24 08:41 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 12:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-11 12:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-11 12:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-11 12:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-02-11 11:58 - 2015-01-11 12:07 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-11 11:43 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-11 11:41 - 2014-09-06 17:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 11:36 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-11 07:41 - 2015-01-11 12:07 - 00001947 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-02-11 07:41 - 2015-01-11 12:07 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-02-03 20:31 - 2014-09-24 08:43 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-09-24 08:43 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 13:18 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-01-30 13:18 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-01-30 13:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-01-30 13:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-01-30 13:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-01-30 13:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-01-30 13:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-01-30 13:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-01-30 13:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera

==================== Files in the root of some directories =======

2014-08-23 14:15 - 2014-08-24 18:15 - 0001492 _____ () C:\Users\Mr.Mr.\AppData\Roaming\AbsoluteReminder.xml
2014-12-23 21:24 - 2014-12-23 21:26 - 0563890 _____ () C:\Users\Mr.Mr.\AppData\Roaming\Scorch_Install.log
2013-04-19 06:56 - 2013-02-19 08:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-04-19 06:56 - 2013-01-12 15:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some content of TEMP:
====================
C:\Users\Mr.Mr.\AppData\Local\Temp\avgnt.exe
C:\Users\Mr.Mr.\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnlej0f.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-26 22:14

==================== End Of Log ============================
--- --- ---

--- --- ---


und die Addition.txt-Liste ist hier:FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
RanMr.Mr. at 2015-02-26 23:08:43
Running from C:\Users\Mr.Mr.\AppData\Local\Microsoft\Windows\INetCache\IE\91PRR2FO
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{9043E92C-183C-7633-0237-96CE00F5C909}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-3609599866-1042440751-642132480-1001\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3609599866-1042440751-642132480-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EaseUS Partition Master 10.1 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
EaseUS Todo Backup Free 8.0  (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.0 - CHENGDU YIWO Tech Development Co., Ltd)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ETDWare X64 11.7.8.5_WHQL (HKLM\...\Elantech) (Version: 11.7.8.5 - ELAN Microelectronic Corp.)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.)
HP LaserJet Pro MFP M127-M128 (HKLM-x32\...\{3b050369-8d19-413d-9dec-84ff278472eb}) (Version: 8.0.13171.943 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM128DSService (x32 Version: 001.001.08254 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.40 - HP) Hidden
HPLJDXPHelper (x32 Version: 060.048.005 - HP) Hidden
HPLJProMFPM127M128 (HKLM-x32\...\{7F2E85CF-9596-47C7-A4FF-80BAF7F09BAD}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUTCore (x32 Version: 008.000.0001 - HP) Hidden
HPLJUTM127_128 (x32 Version: 008.000.0001 - HP) Hidden
hppLaserJetService (x32 Version: 009.033.00905 - Hewlett-Packard) Hidden
hppM125LaserJetService (x32 Version: 001.032.00682 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 080.040.00171 - Hewlett Packard) Hidden
hpStatusAlertsM127-M128 (x32 Version: 080.046.00111 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36843 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{87d45b7e-19da-4dd5-9214-5e0d587c312f}) (Version: 15.6.1 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
IntelliMemory (HKLM\...\{40320F22-7D70-49DB-9D66-B6FAE5F36B47}) (Version: 1.0.32.0 - Condusiv Technologies)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
LJDXPHelperUI (x32 Version: 060.048.005 - HP) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
OEM Application Profile (HKLM-x32\...\{EE55B368-EBDF-98F3-CFE7-7CE4ADBC4553}) (Version: 1.00.0004 - Advanced Micro Devices, Inc.)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Phone Screen Sharing (HKLM-x32\...\{DF02C515-40B5-45AC-A601-5DC69D03885C}) (Version: 1.3.0.1 - RSUPPORT)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Positive Finds (HKLM-x32\...\Positive Finds) (Version: 2.0.5519.35162 - Positive Finds) <==== ATTENTION!
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.4.907.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.9200.39035 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.6 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM-x32\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.)
Side Sync (HKLM-x32\...\{C6DA306C-B288-452A-B85C-01265DBFF0DA}) (Version: 1.1.12 - Samsung Electronics CO., LTD.)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.2600 - DTS, Inc.)
Support Center (HKLM\...\{50E36BBB-36A5-400A-8AC5-9F7C0BD751A2}) (Version: 2.1.80 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.8 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
User Guide (HKLM-x32\...\{491C3106-0333-4CC0-8085-7F82065FBFA4}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Wondershare Video Converter Ultimate(Build 8.0.1.6) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.0.1.6 - Wondershare Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CB54DC0-A921-43AE-A702-D10D022B5987} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-02-24] (Enigma Software Group USA, LLC.)
Task: {1E113364-84B3-446E-B456-863CE11EB767} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {3D152E26-F629-4427-9DDE-9F83D79B285B} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2013-02-28] (Samsung Electronics CO., LTD.)
Task: {42218450-F3E0-4CCD-93E9-5BAEE3C43A35} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-11] (Adobe Systems Incorporated)
Task: {69327EB8-C412-4FFE-B1E7-390AD6645EA9} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-03-12] (SEC)
Task: {74C00219-6163-44C7-941B-81120ADEA451} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation)
Task: {A2CED977-AE9E-4488-9C50-8A141CFA6B1F} - System32\Tasks\SideSyncAutoRun => C:\Program Files (x86)\Samsung\Side Sync\SideSync.exe [2013-06-24] (Samsung Electronics CO., LTD.)
Task: {BEAB95F0-1767-4767-9EB8-B5A4360C4C3E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation)
Task: {D44ACA08-0D84-46F4-B577-E4A8746B91C9} - System32\Tasks\DriverUpdate Daily Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: {FAF7E472-B233-49FA-BCB2-6D3DA4674FF0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FB58A61D-764C-4FB5-A652-7614E09C8017} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-31] (Microsoft Corporation)
Task: {FDA8C184-B727-4571-A667-F4EE5E3194A9} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2013-01-28] (Hewlett Packard)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DriverUpdate Daily Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-26 22:01 - 2015-02-26 03:34 - 00581368 ____N () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe
2015-02-11 08:33 - 2015-02-26 03:34 - 00388856 ____N () C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe
2013-02-28 09:03 - 2013-02-28 09:03 - 00085040 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-10-01 19:54 - 2014-10-01 19:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-19 10:41 - 2014-03-19 10:41 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2013-06-24 20:04 - 2013-06-24 20:04 - 00815104 _____ () C:\Program Files (x86)\Samsung\Side Sync\adb.exe
2013-04-19 06:51 - 2013-03-12 01:09 - 00674816 _____ () C:\Program Files\Samsung\Recovery\Clonix.UC.dll
2013-04-19 06:51 - 2013-03-12 01:09 - 00886784 _____ () C:\Program Files\Samsung\Recovery\Clonix.UC.Res.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00098856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00031272 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2015-02-11 11:26 - 2014-12-15 00:53 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00107560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00030248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00280104 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2015-02-11 11:26 - 2014-12-15 00:53 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00037416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00754728 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00407080 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00022568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00115752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00194088 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00037928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-02-11 11:26 - 2014-12-15 00:53 - 00135720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00096808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00353832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00027176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00137256 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00146984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2013-04-19 05:59 - 2013-01-14 19:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-02-28 09:03 - 2013-02-28 09:03 - 00029232 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2013-02-28 09:03 - 2013-02-28 09:03 - 01121328 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2013-02-28 09:03 - 2013-02-28 09:03 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2013-02-28 09:03 - 2013-02-28 09:03 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2013-02-28 09:03 - 2013-02-28 09:03 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2013-02-28 09:03 - 2013-02-28 09:03 - 00027184 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2013-02-28 09:03 - 2013-02-28 09:03 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2013-02-28 09:03 - 2013-02-28 09:03 - 00060976 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2013-02-28 09:03 - 2013-02-28 09:03 - 00103472 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-26 23:05 - 2015-02-26 23:05 - 00043008 _____ () c:\Users\Mr.Mr.\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnlej0f.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\Mr.Mr.\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-11-25 21:23 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-11-25 21:23 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-11-25 21:22 - 2014-11-21 18:03 - 00204800 _____ () C:\Program Files\Wondershare\Video Converter Ultimate\WS_Log.dll
2014-11-25 21:23 - 2014-11-20 19:12 - 00051200 _____ () C:\Program Files\Wondershare\Video Converter Ultimate\CreateLib.dll
2014-11-25 21:22 - 2014-11-21 18:03 - 00857088 _____ () C:\Program Files\Wondershare\Video Converter Ultimate\StreamServer.dll
2013-06-24 20:04 - 2013-06-24 20:04 - 01679408 _____ () C:\Program Files (x86)\Samsung\Side Sync\SideSyncNetworkFramework.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3609599866-1042440751-642132480-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Samsung\Samsung_wallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3609599866-1042440751-642132480-500 - Administrator - Disabled)
Mr.Mr. (S-1-5-21-3609599866-1042440751-642132480-1001 - Administrator - Enabled) => C:\Users\Mr.Mr.
Gast (S-1-5-21-3609599866-1042440751-642132480-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2015 11:07:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WWAHost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: abc

Startzeit: 01d052107db5aa9f

Endzeit: 4294967295

Anwendungspfad: C:\Windows\System32\WWAHost.exe

Berichts-ID: d00d14ce-be03-11e4-be94-b4b6765e617b

Vollständiger Name des fehlerhaften Pakets: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Windows.Store

Error: (02/26/2015 11:07:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Mr.)
Description: Das Paket „winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (02/26/2015 11:05:14 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/26/2015 11:05:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2901391

Error: (02/26/2015 11:05:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2901391

Error: (02/26/2015 11:05:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/26/2015 10:16:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3531

Error: (02/26/2015 10:16:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3531

Error: (02/26/2015 10:16:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/26/2015 10:16:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2344


System errors:
=============
Error: (02/26/2015 10:16:04 PM) (Source: DCOM) (EventID: 10010) (User: Mr.)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/26/2015 10:15:34 PM) (Source: DCOM) (EventID: 10010) (User Mr.)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/26/2015 10:00:52 PM) (Source: DCOM) (EventID: 10016) (User: Mr.)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Mr.Mr.S-1-5-21-3609599866-1042440751-642132480-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/26/2015 10:00:52 PM) (Source: DCOM) (EventID: 10016) (User: Mr.)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Mr.Mr.S-1-5-21-3609599866-1042440751-642132480-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/26/2015 10:00:52 PM) (Source: DCOM) (EventID: 10016) (User: Mr.)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Mr.Mr.S-1-5-21-3609599866-1042440751-642132480-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/26/2015 10:00:51 PM) (Source: DCOM) (EventID: 10016) (User: Mr.)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Mr.Mr.FS-1-5-21-3609599866-1042440751-642132480-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/26/2015 10:00:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Service Mgr PositiveFinds" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (02/26/2015 10:00:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎24.‎02.‎2015 um 21:03:42 unerwartet heruntergefahren.

Error: (02/24/2015 09:03:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Service Mgr PositiveFinds" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (02/24/2015 09:02:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062


Microsoft Office Sessions:
=========================
Error: (02/26/2015 11:07:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WWAHost.exe6.3.9600.17031abc01d052107db5aa9f4294967295C:\Windows\System32\WWAHost.exed00d14ce-be03-11e4-be94-b4b6765e617bwinstore_1.0.0.0_neutral_neutral_cw5n1h2txyewyWindows.Store

Error: (02/26/2015 11:07:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User:Mr.)
Description: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store

Error: (02/26/2015 11:05:14 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/26/2015 11:05:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2901391

Error: (02/26/2015 11:05:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2901391

Error: (02/26/2015 11:05:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/26/2015 10:16:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3531

Error: (02/26/2015 10:16:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3531

Error: (02/26/2015 10:16:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/26/2015 10:16:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2344


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 63%
Total physical RAM: 3980.38 MB
Available physical RAM: 1452.84 MB
Total Pagefile: 4812.38 MB
Available Pagefile: 2007.29 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:94.14 GB) (Free:18.99 GB) NTFS
Drive d: (Volume) (Fixed) (Total:22.75 GB) (Free:22.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: EFF55DBF)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---

Bootsektor 26.02.2015 23:40
Hallo Hans,

so ists doch super.

Es kann sein dass bei den folgenden Schritten dein Antivirus meckert, in dem Fall einfach abschalten.

Schritt 1
Bitte deinstalliere folgende Programme:

McAfee Security Scan Plus
Positive Finds

Dazu drücke auf:
Windowstaste und X
dann:
Programme und Funktionen --> Programm auswählen --> entfernen

Falls du ein Programm nicht deinstallieren kannst, lade dir von hier den Revo-uninstaller herunter und deinstalliere es damit, wähle dabei den moderaten Modus.

Schritt 2
  • Lade dir bitte die folgendes Programm auf deinen Desktop: SpyHunterKiller.exe
  • Starte das Tool und klicke Weiter.
  • Sobald das Tool fertig ist, klicke auf Ende, um das Programm zu beenden.

Schritt 3
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 4
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Klicke im Anschluss auf Suchlauf, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf jetzt starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Aktionen anwenden.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Wähle Exportieren auf Textdatei (.txt) und speichere die Datei als mbam.txt auf dem Desktop ab.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 5
Starte noch einmal FRST.
  • Setze den Haken bei addition.txt und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
  • Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

Firstclasshu 04.03.2015 20:21
Weiter gehts....
 
Halllo Sabine,

vielen Dank für die Hilfe, hat etwas gedauert, aber ich habe alles gemacht.

ADW CLEANER:AdwCleaner Logfile:
Code:
# AdwCleaner v4.111 - Bericht erstellt 04/03/2015 um 19:47:56
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-02.3 [Server]
# Betriebssystem : Windows 8.1 Pro  (x64)
# Benutzername : XXX - XXX
# Gestarted von : C:\Users\XXX\Downloads\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\XXX\AppData\Roaming\OpenCandy
Datei Gelöscht : C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\vl5mxxma.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9C81D00A-3DAA-48AB-90C7-8252119ABB93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1DA17428-323D-48FF-857C-98CFEE48BFD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\PositiveFinds
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 de)


*************************

AdwCleaner[R0].txt - [2401 Bytes] - [04/03/2015 19:44:55]
AdwCleaner[S0].txt - [2269 Bytes] - [04/03/2015 19:47:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2328  Bytes] ##########
--- --- ---




MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 04.03.2015
Scan Time: 19:55:02
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.04.05
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: xxx

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365233
Time Elapsed: 10 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Downloader, C:\Users\xxx\Downloads\OpenOffice - CHIP-Installer.exe, Quarantined, [3550ae93c0caea4c9c01501b9a66f907],

Physical Sectors: 0
(No malicious items detected)


(end)


FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by XXX (administrator) on XXX on 04-03-2015 20:14:02
Running from C:\Users\XXX\Downloads
Loaded Profiles: XXX (Available profiles: XXX)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Condusiv Technologies) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Side Sync\SideSync.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\Samsung\Side Sync\adb.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Wondershare) C:\Program Files\Wondershare\Video Converter Ultimate\MediaLibServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\EpmNews.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_SRSSA] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2875216 2013-01-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-07] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313656 2013-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1960336 2014-11-21] ()
HKLM-x32\...\Run: [Wondershare Media Server] => C:\Program Files\Wondershare\Video Converter Ultimate\MediaLibServer.exe [215440 2014-11-21] (Wondershare)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\EpmNews.exe [2086568 2014-03-06] (CHENGDU YIWO Tech Development Co., Ltd)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3609599866-1042440751-642132480-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3609599866-1042440751-642132480-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {CF16A846-3240-485D-BA85-ED4B88EF6F5B} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {CF16A846-3240-485D-BA85-ED4B88EF6F5B} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3609599866-1042440751-642132480-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3609599866-1042440751-642132480-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3609599866-1042440751-642132480-1001 -> {671FF2B8-43AB-44F6-B47A-BE187B60183A} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\vl5mxxma.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchAxPlugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll ()
FF Extension: Avira Browser Safety - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\vl5mxxma.default\Extensions\abs@avira.com [2015-02-11]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2014-11-25]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1594416 2013-02-28] (Samsung Electronics CO., LTD.)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB Card Reader\RIconMan.exe [2466448 2012-09-13] (Realsil Microelectronics Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [55720 2012-12-21] (Condusiv Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [20336 2013-01-02] (ELAN Microelectronic Corp.)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [29096 2012-12-21] (Condusiv Technologies)
R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [104872 2012-12-21] (Condusiv Technologies)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-08-24] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 20:14 - 2015-03-04 20:14 - 00022486 _____ () C:\Users\XXX\Downloads\FRST.txt
2015-03-04 20:13 - 2015-03-04 20:13 - 02092544 _____ (Farbar) C:\Users\XXX\Downloads\FRST64.exe
2015-03-04 19:54 - 2015-03-04 20:07 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-04 19:54 - 2015-03-04 19:54 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-04 19:54 - 2015-03-04 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-04 19:54 - 2015-03-04 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-04 19:54 - 2015-03-04 19:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-04 19:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-04 19:54 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-04 19:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-04 19:53 - 2015-03-04 19:53 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\XXX\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-04 19:44 - 2015-03-04 19:47 - 00000000 ____D () C:\AdwCleaner
2015-03-04 19:44 - 2015-03-04 19:44 - 02126848 _____ () C:\Users\XXX\Downloads\AdwCleaner_4.111.exe
2015-02-26 23:07 - 2015-03-04 20:14 - 00000000 ____D () C:\FRST
2015-02-24 20:15 - 2015-02-24 20:15 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Enigma Software Group
2015-02-24 20:15 - 2015-02-24 20:15 - 00000000 _____ () C:\autoexec.bat
2015-02-24 20:14 - 2015-02-24 20:14 - 00016026 _____ () C:\Users\XXX\Desktop\results.xml
2015-02-24 20:01 - 2015-02-24 20:01 - 00000000 __SHD () C:\Users\XXX\AppData\Local\EmieBrowserModeList
2015-02-24 19:58 - 2015-02-24 19:58 - 00061191 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201502241958408242.log
2015-02-24 19:58 - 2015-02-24 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-02-24 19:58 - 2015-02-24 19:58 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-02-24 19:56 - 2015-02-24 19:56 - 00000728 _____ () C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk
2015-02-24 19:56 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-24 19:56 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-24 19:56 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-24 19:56 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-24 19:56 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-24 19:56 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-24 19:56 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-24 19:56 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-24 19:56 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-24 19:56 - 2013-08-30 20:14 - 00156712 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2015-02-24 19:56 - 2013-08-30 20:14 - 00141256 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2015-02-24 19:56 - 2013-08-30 20:14 - 00114488 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2015-02-24 19:56 - 2013-08-30 20:14 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-02-24 19:56 - 2013-08-30 20:14 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-02-24 19:56 - 2013-08-30 20:14 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-02-24 19:56 - 2013-08-30 20:14 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-02-24 19:56 - 2013-08-30 20:13 - 07256496 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2015-02-24 19:56 - 2013-08-30 20:13 - 06767240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2015-02-24 19:56 - 2013-08-30 20:13 - 06176008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-02-24 19:56 - 2013-08-30 20:11 - 12528640 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-02-24 19:56 - 2013-08-30 20:05 - 00781312 _____ () C:\WINDOWS\system32\amdmiracast.dll
2015-02-24 19:56 - 2013-08-30 19:48 - 00229376 _____ () C:\WINDOWS\system32\clinfo.exe
2015-02-24 19:56 - 2013-08-30 19:48 - 00127488 _____ (AMD) C:\WINDOWS\system32\coinst_13.152.dll
2015-02-24 19:56 - 2013-08-30 19:47 - 28192256 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-02-24 19:56 - 2013-08-30 19:47 - 00098816 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\OpenVideo64.dll
2015-02-24 19:56 - 2013-08-30 19:47 - 00086528 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\OVDecode64.dll
2015-02-24 19:56 - 2013-08-30 19:47 - 00083456 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\OpenVideo.dll
2015-02-24 19:56 - 2013-08-30 19:47 - 00073216 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\OVDecode.dll
2015-02-24 19:56 - 2013-08-30 19:45 - 23760896 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-02-24 19:56 - 2013-08-30 19:43 - 00063488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-02-24 19:56 - 2013-08-30 19:43 - 00057344 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-02-24 19:56 - 2013-08-30 19:35 - 25387520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-02-24 19:56 - 2013-08-30 19:18 - 00530824 _____ () C:\WINDOWS\SysWOW64\atiapfxx.blb
2015-02-24 19:56 - 2013-08-30 19:18 - 00530824 _____ () C:\WINDOWS\system32\atiapfxx.blb
2015-02-24 19:56 - 2013-08-30 19:18 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-02-24 19:56 - 2013-08-30 19:18 - 00062464 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-02-24 19:56 - 2013-08-30 19:18 - 00055808 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-02-24 19:56 - 2013-08-30 19:18 - 00052224 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-02-24 19:56 - 2013-08-30 19:18 - 00049152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-02-24 19:56 - 2013-08-30 19:17 - 15716352 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-02-24 19:56 - 2013-08-30 19:14 - 21400064 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-02-24 19:56 - 2013-08-30 19:14 - 14302208 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-02-24 19:56 - 2013-08-30 19:04 - 03388672 _____ () C:\WINDOWS\system32\atiumd6a.cap
2015-02-24 19:56 - 2013-08-30 18:59 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-02-24 19:56 - 2013-08-30 18:58 - 00571904 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-02-24 19:56 - 2013-08-30 18:58 - 00026112 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-02-24 19:56 - 2013-08-30 18:57 - 00239616 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-02-24 19:56 - 2013-08-30 18:56 - 00190976 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-02-24 19:56 - 2013-08-30 18:50 - 03422720 _____ () C:\WINDOWS\SysWOW64\atiumdva.cap
2015-02-24 19:56 - 2013-08-30 18:37 - 00096256 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2015-02-24 19:56 - 2013-08-30 18:37 - 00090624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2015-02-24 19:56 - 2013-08-30 18:37 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2015-02-24 19:56 - 2013-08-30 18:37 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2015-02-24 19:56 - 2013-08-30 18:35 - 00134656 _____ () C:\WINDOWS\system32\amdhdl64.dll
2015-02-24 19:56 - 2013-08-30 18:34 - 00123392 _____ () C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-02-24 19:56 - 2013-08-30 18:33 - 00784384 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-02-24 19:56 - 2013-08-30 18:33 - 00594944 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-02-24 19:56 - 2013-08-30 18:33 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-02-24 19:56 - 2013-08-30 18:33 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-02-24 19:56 - 2013-08-30 18:32 - 00618496 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2015-02-24 19:56 - 2013-08-30 18:32 - 00100352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-02-24 19:56 - 2013-08-30 18:32 - 00096768 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-02-24 19:56 - 2013-08-30 18:32 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-02-24 19:56 - 2013-08-30 18:32 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-02-24 19:56 - 2013-08-27 15:06 - 00233652 _____ () C:\WINDOWS\system32\ativvaxy_cik.dat
2015-02-24 19:56 - 2013-08-27 13:27 - 00082336 _____ () C:\WINDOWS\system32\ativce02.dat
2015-02-24 19:56 - 2013-08-07 13:22 - 00716208 _____ () C:\WINDOWS\system32\atiicdxx.dat
2015-02-24 19:56 - 2013-08-07 11:12 - 00231984 _____ () C:\WINDOWS\system32\ativvaxy_cik_nd.dat
2015-02-24 19:56 - 2013-05-04 15:22 - 00047164 _____ () C:\WINDOWS\atiogl.xml
2015-02-24 19:54 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-24 19:54 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-24 19:54 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-24 19:54 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-24 19:54 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-24 19:54 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-24 19:54 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-24 19:54 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-24 19:54 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-24 19:54 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-24 19:54 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-24 19:54 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-24 19:54 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-24 19:54 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-24 19:54 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-24 19:53 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-24 19:53 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-24 19:53 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-24 19:53 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-24 19:53 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-24 19:53 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-24 19:53 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-24 19:53 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-24 19:53 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-24 19:53 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-24 19:53 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-24 19:53 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-24 19:53 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-24 19:53 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-24 19:53 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-24 19:53 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-24 19:53 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-24 19:53 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-24 19:53 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-24 19:53 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-24 19:53 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-24 19:53 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-24 19:53 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-24 19:53 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-24 19:53 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-24 19:53 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-24 19:53 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-24 19:53 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-24 19:53 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-24 19:53 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-24 19:53 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-24 19:53 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-24 19:53 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-24 19:53 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-24 19:53 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-24 19:53 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-24 19:53 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-24 19:53 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-24 19:53 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-24 19:47 - 2015-02-24 19:47 - 00000000 ____D () C:\Users\XXX\Desktop\Documents\Wondershare Video Converter Ultimate
2015-02-24 19:47 - 2015-02-24 19:47 - 00000000 ____D () C:\Users\XXX\Desktop\Documents\CyberLink
2015-02-24 19:47 - 2015-02-24 19:47 - 00000000 ____D () C:\Users\XXX\Desktop\Documents\05 Arbeit
2015-02-24 19:47 - 2015-02-24 19:47 - 00000000 ____D () C:\Users\XXX\Desktop\Documents\03 Haus (Stand 060113)
2015-02-24 19:47 - 2015-02-24 19:47 - 00000000 ____D () C:\Users\XXX\Desktop\Documents\02 Konstantin
2015-02-24 19:47 - 2015-02-24 19:47 - 00000000 ____D () C:\Users\XXX\Desktop\Documents\01 Raphael
2015-02-24 19:47 - 2014-12-23 21:14 - 00000000 _____ () C:\Users\XXX\Desktop\Documents\HPLJM127_128_Fax_Port
2015-02-24 19:46 - 2015-03-04 20:09 - 00000000 ____D () C:\Users\XXX\Desktop\Documents\15 Sonstiges
2015-02-24 19:46 - 2015-02-24 19:46 - 00000000 ____D () C:\Users\XXX\Desktop\Documents\Alt
2015-02-24 19:46 - 2015-02-24 19:46 - 00000000 ____D () C:\Users\XXX\Desktop\Documents\14 Buch
2015-02-24 19:46 - 2015-02-24 19:46 - 00000000 ____D () C:\Users\XXX\Desktop\Documents\13 Geldanlage
2015-02-24 19:46 - 2015-02-24 19:46 - 00000000 ____D () C:\Users\XXX\Desktop\Documents\12 Klavier
2015-02-24 19:46 - 2015-02-24 19:46 - 00000000 ____D () C:\Users\XXX\Desktop\Documents\11 - Versuch
2015-02-24 19:46 - 2015-02-24 19:46 - 00000000 ____D () C:\Users\XXX\Desktop\Documents\10 Sonstiges
2015-02-11 12:03 - 2015-02-11 12:03 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 11:28 - 2015-02-11 11:28 - 00002145 _____ () C:\Users\Public\Desktop\EaseUS Todo Backup Free 8.0 .lnk
2015-02-11 11:28 - 2015-02-11 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 8.0
2015-02-11 11:28 - 2015-02-11 11:28 - 00000000 ____D () C:\Meine Backups
2015-02-11 11:28 - 2014-12-15 00:59 - 00192040 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\EuFdDisk.sys
2015-02-11 11:28 - 2014-12-15 00:59 - 00060968 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\eubakup.sys
2015-02-11 11:28 - 2014-12-15 00:59 - 00048168 _____ () C:\WINDOWS\system32\Drivers\EUBKMON.sys
2015-02-11 11:28 - 2014-12-15 00:59 - 00018472 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\eudskacs.sys
2015-02-11 11:26 - 2014-12-15 01:03 - 00024104 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\fbnative.exe
2015-02-11 11:24 - 2015-02-11 11:25 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-11 11:24 - 2015-02-11 11:25 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2015-02-11 11:24 - 2015-02-11 11:24 - 00001404 _____ () C:\Users\Public\Desktop\EaseUS Partition Master 10.1.lnk
2015-02-11 11:24 - 2015-02-11 11:24 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-11 11:24 - 2015-02-11 11:24 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\TuneUp Software
2015-02-11 11:24 - 2015-02-11 11:24 - 00000000 ____D () C:\Users\XXX\AppData\Local\TuneUp Software
2015-02-11 11:24 - 2015-02-11 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.1
2015-02-11 11:24 - 2014-04-04 00:42 - 03382440 _____ () C:\WINDOWS\system32\BootMan.exe
2015-02-11 11:24 - 2014-04-04 00:25 - 02499752 _____ () C:\WINDOWS\SysWOW64\BootMan.exe
2015-02-11 11:24 - 2013-03-07 09:49 - 00100936 _____ () C:\WINDOWS\system32\setupempdrvx64.exe
2015-02-11 11:24 - 2013-03-07 09:49 - 00087112 _____ () C:\WINDOWS\SysWOW64\setupempdrv03.exe
2015-02-11 11:24 - 2013-03-07 09:49 - 00019840 _____ () C:\WINDOWS\SysWOW64\EuEpmGdi.dll
2015-02-11 11:24 - 2013-03-07 09:49 - 00017480 _____ () C:\WINDOWS\system32\epmntdrv.sys
2015-02-11 11:24 - 2013-03-07 09:49 - 00016256 _____ () C:\WINDOWS\system32\EuEpmGdi.dll
2015-02-11 11:24 - 2013-03-07 09:49 - 00013896 _____ () C:\WINDOWS\SysWOW64\epmntdrv.sys
2015-02-11 11:24 - 2013-03-07 09:49 - 00009800 _____ () C:\WINDOWS\system32\EuGdiDrv.sys
2015-02-11 11:24 - 2013-03-07 09:49 - 00009160 _____ () C:\WINDOWS\SysWOW64\EuGdiDrv.sys
2015-02-11 11:20 - 2015-02-11 11:21 - 30573888 _____ (EaseUS ) C:\Users\XXX\Downloads\epm.exe
2015-02-11 11:17 - 2015-02-11 11:17 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Avira
2015-02-11 11:16 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 11:16 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 11:16 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 11:16 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 11:16 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 11:16 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 11:16 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-02-11 11:16 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-02-11 11:16 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-02-11 11:16 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-02-11 11:16 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-02-11 11:16 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-02-11 11:16 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-02-11 11:16 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-02-11 11:16 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2015-02-11 11:16 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2015-02-11 11:16 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2015-02-11 11:16 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-02-11 11:16 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-02-11 11:16 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-02-11 11:16 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-02-11 11:16 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-02-11 11:16 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-02-11 11:16 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-02-11 11:16 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-02-11 11:16 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-02-11 11:16 - 2014-07-10 05:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lockscreencn.dll
2015-02-11 11:14 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-02-11 11:14 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-02-11 11:13 - 2015-02-11 11:12 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-02-11 11:11 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-02-11 11:11 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-02-11 11:11 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-02-11 11:10 - 2015-02-11 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-11 11:10 - 2015-02-11 11:11 - 00000000 ____D () C:\ProgramData\Avira
2015-02-11 11:10 - 2015-02-11 11:11 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-11 11:10 - 2015-02-11 11:10 - 00001153 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-11 11:09 - 2015-02-11 11:09 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\XXX\Downloads\avira_de_av_5843677129__ws.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 20:12 - 2014-08-23 14:21 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3609599866-1042440751-642132480-1001
2015-03-04 20:11 - 2014-12-14 18:36 - 01109474 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-04 20:11 - 2014-09-24 07:16 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-04 20:11 - 2014-09-24 06:43 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-04 20:11 - 2014-09-24 06:43 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-04 20:09 - 2013-04-19 06:51 - 00000000 ____D () C:\ProgramData\WinClon
2015-03-04 20:08 - 2014-08-30 15:46 - 00000000 ___RD () C:\Users\XXX\Dropbox
2015-03-04 20:08 - 2014-08-23 15:05 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Dropbox
2015-03-04 20:06 - 2014-09-23 22:06 - 00840518 _____ () C:\WINDOWS\PFRO.log
2015-03-04 20:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-04 20:06 - 2013-08-22 15:46 - 00307644 _____ () C:\WINDOWS\setupact.log
2015-03-04 20:06 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-04 20:06 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-04 20:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-04 19:58 - 2015-01-11 12:07 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-04 19:47 - 2014-08-24 18:47 - 00000528 _____ () C:\WINDOWS\Tasks\DriverUpdate Daily Scan.job
2015-03-04 19:39 - 2014-12-14 18:46 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E85DE4A8-84A6-4E18-BA15-6B403F2D6CA8}
2015-02-26 22:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-26 22:05 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-24 21:04 - 2014-08-23 15:00 - 00000000 ____D () C:\Users\XXX\AppData\Local\CrashDumps
2015-02-24 21:03 - 2013-08-22 15:44 - 00416656 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-24 21:02 - 2013-04-19 06:00 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-24 20:15 - 2014-12-14 18:38 - 00000000 ____D () C:\Users\XXX
2015-02-24 19:58 - 2013-04-19 06:50 - 00000000 ____D () C:\ProgramData\AMD
2015-02-24 19:57 - 2014-12-14 18:37 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-02-24 19:56 - 2014-12-14 18:36 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-02-24 19:56 - 2013-04-19 05:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-02-24 19:49 - 2014-08-23 15:14 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-11 12:03 - 2014-09-24 08:41 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 12:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-11 12:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-11 12:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-11 12:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-02-11 11:58 - 2015-01-11 12:07 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-11 11:43 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-11 11:41 - 2014-09-06 17:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 11:36 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-03 20:31 - 2014-09-24 08:43 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-09-24 08:43 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-08-23 14:15 - 2014-08-24 18:15 - 0001492 _____ () C:\Users\XXX\AppData\Roaming\AbsoluteReminder.xml
2014-12-23 21:24 - 2014-12-23 21:26 - 0563890 _____ () C:\Users\XXX\AppData\Roaming\Scorch_Install.log
2013-04-19 06:56 - 2013-02-19 08:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-04-19 06:56 - 2013-01-12 15:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some content of TEMP:
====================
C:\Users\XXX\AppData\Local\Temp\avgnt.exe
C:\Users\XXX\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcel7cf.dll
C:\Users\XXX\AppData\Local\Temp\Quarantine.exe
C:\Users\XXX\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-26 22:14

==================== End Of Log ============================
--- --- ---



Und Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by xxx at 2015-03-04 20:14:59
Running from C:\Users\xxx\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{9043E92C-183C-7633-0237-96CE00F5C909}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-3609599866-1042440751-642132480-1001\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3609599866-1042440751-642132480-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EaseUS Partition Master 10.1 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
EaseUS Todo Backup Free 8.0 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.0 - CHENGDU YIWO Tech Development Co., Ltd)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ETDWare X64 11.7.8.5_WHQL (HKLM\...\Elantech) (Version: 11.7.8.5 - ELAN Microelectronic Corp.)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.)
HP LaserJet Pro MFP M127-M128 (HKLM-x32\...\{3b050369-8d19-413d-9dec-84ff278472eb}) (Version: 8.0.13171.943 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM128DSService (x32 Version: 001.001.08254 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.40 - HP) Hidden
HPLJDXPHelper (x32 Version: 060.048.005 - HP) Hidden
HPLJProMFPM127M128 (HKLM-x32\...\{7F2E85CF-9596-47C7-A4FF-80BAF7F09BAD}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUTCore (x32 Version: 008.000.0001 - HP) Hidden
HPLJUTM127_128 (x32 Version: 008.000.0001 - HP) Hidden
hppLaserJetService (x32 Version: 009.033.00905 - Hewlett-Packard) Hidden
hppM125LaserJetService (x32 Version: 001.032.00682 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 080.040.00171 - Hewlett Packard) Hidden
hpStatusAlertsM127-M128 (x32 Version: 080.046.00111 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36843 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{87d45b7e-19da-4dd5-9214-5e0d587c312f}) (Version: 15.6.1 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
IntelliMemory (HKLM\...\{40320F22-7D70-49DB-9D66-B6FAE5F36B47}) (Version: 1.0.32.0 - Condusiv Technologies)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
LJDXPHelperUI (x32 Version: 060.048.005 - HP) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
OEM Application Profile (HKLM-x32\...\{EE55B368-EBDF-98F3-CFE7-7CE4ADBC4553}) (Version: 1.00.0004 - Advanced Micro Devices, Inc.)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Phone Screen Sharing (HKLM-x32\...\{DF02C515-40B5-45AC-A601-5DC69D03885C}) (Version: 1.3.0.1 - RSUPPORT)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.4.907.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.9200.39035 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.6 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM-x32\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.)
Side Sync (HKLM-x32\...\{C6DA306C-B288-452A-B85C-01265DBFF0DA}) (Version: 1.1.12 - Samsung Electronics CO., LTD.)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.2600 - DTS, Inc.)
Support Center (HKLM\...\{50E36BBB-36A5-400A-8AC5-9F7C0BD751A2}) (Version: 2.1.80 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.8 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
User Guide (HKLM-x32\...\{491C3106-0333-4CC0-8085-7F82065FBFA4}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Wondershare Video Converter Ultimate(Build 8.0.1.6) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.0.1.6 - Wondershare Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3609599866-1042440751-642132480-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CB54DC0-A921-43AE-A702-D10D022B5987} - \SpyHunter4Startup No Task File <==== ATTENTION
Task: {1E113364-84B3-446E-B456-863CE11EB767} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {3D152E26-F629-4427-9DDE-9F83D79B285B} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2013-02-28] (Samsung Electronics CO., LTD.)
Task: {42218450-F3E0-4CCD-93E9-5BAEE3C43A35} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-11] (Adobe Systems Incorporated)
Task: {69327EB8-C412-4FFE-B1E7-390AD6645EA9} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-03-12] (SEC)
Task: {74C00219-6163-44C7-941B-81120ADEA451} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation)
Task: {A2CED977-AE9E-4488-9C50-8A141CFA6B1F} - System32\Tasks\SideSyncAutoRun => C:\Program Files (x86)\Samsung\Side Sync\SideSync.exe [2013-06-24] (Samsung Electronics CO., LTD.)
Task: {BEAB95F0-1767-4767-9EB8-B5A4360C4C3E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation)
Task: {D44ACA08-0D84-46F4-B577-E4A8746B91C9} - System32\Tasks\DriverUpdate Daily Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: {FAF7E472-B233-49FA-BCB2-6D3DA4674FF0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FB58A61D-764C-4FB5-A652-7614E09C8017} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-31] (Microsoft Corporation)
Task: {FDA8C184-B727-4571-A667-F4EE5E3194A9} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2013-01-28] (Hewlett Packard)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DriverUpdate Daily Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-11 11:25 - 2014-12-15 01:03 - 00241704 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2013-02-28 09:03 - 2013-02-28 09:03 - 00085040 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-03-19 10:41 - 2014-03-19 10:41 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2014-10-01 19:54 - 2014-10-01 19:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-24 20:04 - 2013-06-24 20:04 - 00815104 _____ () C:\Program Files (x86)\Samsung\Side Sync\adb.exe
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00098856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00031272 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2015-02-11 11:26 - 2014-12-15 00:53 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00107560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00030248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00280104 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2015-02-11 11:26 - 2014-12-15 00:53 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00037416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00754728 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00407080 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00022568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00115752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00194088 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00037928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-02-11 11:26 - 2014-12-15 00:53 - 00135720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00096808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-02-11 11:25 - 2014-12-15 00:53 - 00223784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2013-02-28 09:03 - 2013-02-28 09:03 - 00029232 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2013-02-28 09:03 - 2013-02-28 09:03 - 01121328 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2013-02-28 09:03 - 2013-02-28 09:03 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2013-02-28 09:03 - 2013-02-28 09:03 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2013-02-28 09:03 - 2013-02-28 09:03 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2013-02-28 09:03 - 2013-02-28 09:03 - 00027184 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2013-02-28 09:03 - 2013-02-28 09:03 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2013-02-28 09:03 - 2013-02-28 09:03 - 00060976 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2013-02-28 09:03 - 2013-02-28 09:03 - 00103472 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-06-24 20:04 - 2013-06-24 20:04 - 01679408 _____ () C:\Program Files (x86)\Samsung\Side Sync\SideSyncNetworkFramework.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\xxx\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 20:08 - 2015-03-04 20:08 - 00043008 _____ () c:\Users\xxx\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcel7cf.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\xxx\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\xxx\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\xxx\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-11-25 21:23 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-11-25 21:23 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-11-25 21:22 - 2014-11-21 18:03 - 00204800 _____ () C:\Program Files\Wondershare\Video Converter Ultimate\WS_Log.dll
2014-11-25 21:23 - 2014-11-20 19:12 - 00051200 _____ () C:\Program Files\Wondershare\Video Converter Ultimate\CreateLib.dll
2014-11-25 21:22 - 2014-11-21 18:03 - 00857088 _____ () C:\Program Files\Wondershare\Video Converter Ultimate\StreamServer.dll
2013-04-19 05:59 - 2013-01-14 19:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3609599866-1042440751-642132480-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Samsung\Samsung_wallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3609599866-1042440751-642132480-500 - Administrator - Disabled)
xxx (S-1-5-21-3609599866-1042440751-642132480-1001 - Administrator - Enabled) => C:\Users\xxx
Gast (S-1-5-21-3609599866-1042440751-642132480-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2015 08:09:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WWAHost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1e38

Startzeit: 01d056aea5521717

Endzeit: 4294967295

Anwendungspfad: C:\Windows\System32\WWAHost.exe

Berichts-ID: f56e2a57-c2a1-11e4-be96-b4b6765e617b

Vollständiger Name des fehlerhaften Pakets: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Windows.Store

Error: (03/04/2015 08:09:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: xxx)
Description: Das Paket „winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (03/04/2015 08:05:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000e5994
ID des fehlerhaften Prozesses: 0x7ac
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5

Error: (02/26/2015 11:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1047

Error: (02/26/2015 11:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1047

Error: (02/26/2015 11:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/26/2015 11:07:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WWAHost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: abc

Startzeit: 01d052107db5aa9f

Endzeit: 4294967295

Anwendungspfad: C:\Windows\System32\WWAHost.exe

Berichts-ID: d00d14ce-be03-11e4-be94-b4b6765e617b

Vollständiger Name des fehlerhaften Pakets: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Windows.Store

Error: (02/26/2015 11:07:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: xxx)
Description: Das Paket „winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (02/26/2015 11:05:14 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/26/2015 11:05:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2901391


System errors:
=============
Error: (03/04/2015 07:48:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/04/2015 07:48:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/04/2015 07:48:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/04/2015 07:47:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/04/2015 07:47:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SW Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/04/2015 07:47:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/04/2015 07:47:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/04/2015 07:47:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/04/2015 07:47:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/04/2015 07:47:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Virtueller Datenträger" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (03/04/2015 08:09:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WWAHost.exe6.3.9600.170311e3801d056aea55217174294967295C:\Windows\System32\WWAHost.exef56e2a57-c2a1-11e4-be96-b4b6765e617bwinstore_1.0.0.0_neutral_neutral_cw5n1h2txyewyWindows.Store

Error: (03/04/2015 08:09:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: xxx)
Description: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store

Error: (03/04/2015 08:05:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.711542b53ecntdll.dll6.3.9600.1763054b0d74fc0000374000e59947ac01d056acaa12c534C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\WINDOWS\SYSTEM32\ntdll.dll7dece591-c2a1-11e4-be95-b4b6765e617b

Error: (02/26/2015 11:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1047

Error: (02/26/2015 11:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1047

Error: (02/26/2015 11:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/26/2015 11:07:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WWAHost.exe6.3.9600.17031abc01d052107db5aa9f4294967295C:\Windows\System32\WWAHost.exed00d14ce-be03-11e4-be94-b4b6765e617bwinstore_1.0.0.0_neutral_neutral_cw5n1h2txyewyWindows.Store

Error: (02/26/2015 11:07:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: xxx)
Description: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store

Error: (02/26/2015 11:05:14 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/26/2015 11:05:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2901391


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 79%
Total physical RAM: 3980.38 MB
Available physical RAM: 802.89 MB
Total Pagefile: 4812.38 MB
Available Pagefile: 1173.6 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:94.14 GB) (Free:19.83 GB) NTFS
Drive d: (Volume) (Fixed) (Total:22.75 GB) (Free:22.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: EFF55DBF)

Partition: GPT Partition Type.

==================== End Of Log ============================



Bin sehr gespannt, was Du herausliest. Hoffe, es ist alles in Ordnung.
Schon einmal sehr sehr vielen Dank!
Ich hatte im Firefox den Eindruck, es geht wieder.

Beste Grüße

Hans


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:47 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131