Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Laptop Leistung stark beeinträchtigt + diverse andere Probleme (https://www.trojaner-board.de/164624-laptop-leistung-stark-beeintraechtigt-diverse-andere-probleme.html)

L3n0r3 02.03.2015 16:45
Laptop Leistung stark beeinträchtigt + diverse andere Probleme
 
Hi!

Ich habe schon seit längerem immer wieder Probleme mit meinem Laptop (upgegraded von Windows 8 auf 8.1 irgendwann letztes Jahr),
die mittlerweile aber dermaßen ausarten, dass es einfach keinen Spaß mehr macht, damit zu arbeiten.
Eigene Rettungsversuche sind bisher kläglich gescheitert bzw. haben es wohl noch schlimmer gemacht :pfeiff: .

Zu den Problemen:
  • Hoch-/Runterfahren dauert ewig! Bzw. beim Hochfahren, bis das System eben "voll da" ist, runter fährt er anscheinend manchmal auch gar nicht...
    (Laut Ereignisanzeige z.B. gestern --> booten: 126760ms, shutdown 100273ms).
  • Laptop friert ständig ein (unabhängig von Laufzeit, Anzahl der geöffneten Datein/Programme/....), sehr oft "Keine Rückmeldung"
    mit Mauszeiger mal sichtbar und beweglich, oder eben nicht da....
    hin und wieder schließen sich auch einfach alle Fenster eines Programms (Browser oder OpenOffice....).
  • an manchen Tagen erscheint ständig ein Benachrichtigungs-Pop-Up, dass keine Internetverbindung besteht, obwohl der Stick arbeitet und ich
    weiterhin Seiten öffnen / E-Mails verschicken kann.
  • Seiten wie Windows (auf der Suche nach evtl Updates) erzählen, mein aktuelles Betriebssystem sei Windows 7? :confused:
  • Seit einiger Zeit ist es wohl stimmungsabhängig, ob ich 2 Akkustandswarnungen erhalte, oder der Laptop eben ohne plötzlich aus geht.
  • Die "Auslastung aller physischen Laufwerke" und die der CPU ist oft extrem hoch. Ich habe mir aber auch erst vor 2 Tagen eine externe Festplatte zugelegt
    und ca. 100 GB dahin verschoben.
  • und seit heute ganz neu (beim Rumstöbern im Explorer): ich werde immer nach Angabe von Administratorberechtigungen gefragt, obwohl ich das ja bin.
    (erst vorhin, als ich einen - nach der Deinstallation noch übrigen - Ordner "PDF Architekt 2" löschen wollte).

Seit dem 24.08.14 bis heute sind es nu 1.815 Warnungen, Kritisch- oder Fehlermeldungen in der Ereignisanzeige. Hauptsächlich "Der Desktopfenster-Manager
hat eine starke Ressourcenauslastung ermittelt....usw. usw." und Einträge zu Windows starten / herunterfahren.

Hoffe, da ist noch was zu retten! Danke schon mal.....

schrauber 02.03.2015 17:03
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


L3n0r3 02.03.2015 17:35
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by - (administrator) on SUPERHUHN on 02-03-2015 14:46:14
Running from C:\Users\-\Desktop
Loaded Profiles: UpdatusUser & - (Available profiles: UpdatusUser & -)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\MPK\lsynchost.exe
() C:\Windows\SysWOW64\MPK\lsynchost.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\MPK\MPK.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Windows\SysWOW64\MPK\MpkL64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-09-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Atheros Communications))
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\...\MountPoints2: {6fe46d1d-3af4-11e3-bf0d-20689d529cf9} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\...\MountPoints2: {f047934c-baa3-11e3-bf41-20689d529cf9} - "E:\Startme.exe"
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\...\MountPoints2: {fcecff43-b157-11e3-bf3e-20689d529cf9} - "E:\setup.exe" -a
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {094e4444-77ef-11e4-bfab-20689d529cf9} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {09753480-b22c-11e4-bfdf-20689d529cf9} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {0c04df42-5859-11e4-bf99-806e6f6e6963} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {6fe46d1d-3af4-11e3-bf0d-20689d529cf9} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {f047934c-baa3-11e3-bf41-20689d529cf9} - "E:\Startme.exe"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {fcecff43-b157-11e3-bf3e-20689d529cf9} - "E:\setup.exe" -a
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll File Not Found
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1422584475&from=cvs1&uid=ST500LM012XHN-M500MBB_S2RSJ9CC837427
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1422584475&from=cvs1&uid=ST500LM012XHN-M500MBB_S2RSJ9CC837427
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1422584475&from=cvs1&uid=ST500LM012XHN-M500MBB_S2RSJ9CC837427&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1422584475&from=cvs1&uid=ST500LM012XHN-M500MBB_S2RSJ9CC837427&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1422584475&from=cvs1&uid=ST500LM012XHN-M500MBB_S2RSJ9CC837427
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1422584475&from=cvs1&uid=ST500LM012XHN-M500MBB_S2RSJ9CC837427
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1422584475&from=cvs1&uid=ST500LM012XHN-M500MBB_S2RSJ9CC837427&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1422584475&from=cvs1&uid=ST500LM012XHN-M500MBB_S2RSJ9CC837427&q={searchTerms}
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1422584475&from=cvs1&uid=ST500LM012XHN-M500MBB_S2RSJ9CC837427
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1422584475&from=cvs1&uid=ST500LM012XHN-M500MBB_S2RSJ9CC837427
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1001 -> {0AD69A11-BE0B-4770-8FD4-BF91E4435485} URL =
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1422584475&from=cvs1&uid=ST500LM012XHN-M500MBB_S2RSJ9CC837427&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {0AD69A11-BE0B-4770-8FD4-BF91E4435485} URL =
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1422584475&from=cvs1&uid=ST500LM012XHN-M500MBB_S2RSJ9CC837427&q={searchTerms}
BHO: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} ->  No File
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{845FC729-E580-436B-8923-A11077662D3A}: [NameServer] 212.23.103.9 212.23.103.8
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1422584475&from=cvs1&uid=ST500LM012XHN-M500MBB_S2RSJ9CC837427

FireFox:
========
FF ProfilePath: C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Multirow Bookmarks Toolbar Plus - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2015-01-08]
FF Extension: NoScript - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-23]
FF Extension: Adblock Plus - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-08]
FF Extension: Tab Mix Plus - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-01-08]
FF Extension: Multirow Bookmarks Toolbar - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713\Extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.xpi [2015-01-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-07-22]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713\extensions\fftoolbar2014@etech.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-14]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx [2013-07-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2014-11-30] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-06] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MainLSyncHost; c:\windows\syswow64\mpk\lsynchost.exe [1701176 2014-02-03] ()
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2015-01-06] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
U4 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43064 2014-10-17] (Avira Operations GmbH & Co. KG)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2013-09-25] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [138752 2014-11-29] (Huawei Technologies Co., Ltd.)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-09-27] (Sony Mobile Communications)
R0 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-05-21] (Glarysoft Ltd)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-09-14] (Windows (R) 2003 DDK 3790 provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S0 BMLoad; system32\drivers\BMLoad.sys [X]
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X]
S3 BTCFilterService; \SystemRoot\system32\DRIVERS\motfilt.sys [X]
S3 HSPADataCardusbmdm; \SystemRoot\system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; \SystemRoot\system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; \SystemRoot\system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 motccgp; \SystemRoot\System32\drivers\motccgp.sys [X]
S3 motccgpfl; \SystemRoot\System32\drivers\motccgpfl.sys [X]
S3 motmodem; \SystemRoot\system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; \SystemRoot\System32\drivers\motswch.sys [X]
S3 Motousbnet; \SystemRoot\system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; \SystemRoot\System32\drivers\motusbdevice.sys [X]
S1 tcpipBM; \??\C:\WINDOWS\system32\drivers\tcpipBM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 14:46 - 2015-03-02 14:47 - 00020686 _____ () C:\Users\-\Desktop\FRST.txt
2015-03-02 14:46 - 2015-03-02 14:46 - 00000000 ____D () C:\FRST
2015-03-02 14:44 - 2015-03-02 14:44 - 00000464 _____ () C:\Users\-\Desktop\defogger_disable.log
2015-03-02 14:44 - 2015-03-02 14:44 - 00000000 _____ () C:\Users\-\defogger_reenable
2015-03-02 14:42 - 2015-03-02 14:42 - 02092544 _____ (Farbar) C:\Users\-\Desktop\FRST64.exe
2015-03-02 14:42 - 2015-03-02 14:42 - 00380416 _____ () C:\Users\-\Desktop\Gmer-19357.exe
2015-03-02 14:17 - 2015-03-02 14:17 - 00001581 _____ () C:\Users\-\Desktop\mbam - Verknüpfung.lnk
2015-03-02 14:15 - 2014-11-28 13:02 - 01983192 _____ (Secunia) C:\Users\-\Desktop\psi.exe
2015-03-02 13:05 - 2015-03-02 13:05 - 00050477 _____ () C:\Users\-\Desktop\Defogger.exe
2015-03-02 11:41 - 2015-03-02 11:41 - 00000000 ___RD () C:\Users\-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-03-01 23:39 - 2015-03-01 23:39 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Aufgaben der Ereignisanzeige
2015-03-01 22:07 - 2015-03-01 22:07 - 00003114 _____ () C:\WINDOWS\System32\Tasks\{0170AE36-7A68-4E7A-80A3-C73135927424}
2015-03-01 20:15 - 2015-03-01 20:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-01 20:00 - 2015-03-01 20:25 - 00000691 _____ () C:\WINDOWS\SecuniaPackage.log
2015-03-01 19:23 - 2015-03-01 20:41 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-01 19:23 - 2015-03-01 19:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-01 19:23 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-01 19:23 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-01 19:23 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-01 19:20 - 2015-03-01 19:20 - 00000000 ____D () C:\Users\-\AppData\Local\Secunia PSI
2015-03-01 19:20 - 2015-03-01 19:20 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-03-01 16:55 - 2015-03-01 16:55 - 05490752 _____ (Secunia) C:\Users\-\Downloads\PSISetup10004.exe
2015-03-01 16:30 - 2015-03-01 16:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\-\Downloads\revosetup95.exe
2015-03-01 16:18 - 2015-03-01 16:18 - 02126848 _____ () C:\Users\-\Downloads\AdwCleaner_4.111.exe
2015-03-01 15:34 - 2015-03-01 15:36 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\-\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-28 22:06 - 2015-02-28 22:06 - 00000000 ____D () C:\Users\-\Downloads\WindowsShortcutArrowEditor
2015-02-28 22:05 - 2015-02-28 22:05 - 00828938 _____ () C:\Users\-\Downloads\WindowsShortcutArrowEditor.zip
2015-02-25 12:01 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 12:01 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-22 17:59 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-22 17:59 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-02-22 03:10 - 2015-02-22 03:10 - 00000000 ____D () C:\Users\-\AppData\Local\PDF24
2015-02-22 03:09 - 2015-02-22 03:10 - 00000000 ____D () C:\Program Files (x86)\PDF24
2015-02-22 03:09 - 2015-02-22 03:09 - 00001091 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2015-02-21 20:25 - 2015-02-21 20:26 - 16342352 _____ (Geek Software GmbH ) C:\Users\-\Downloads\pdf24-creator-6.9.2.exe
2015-02-21 17:38 - 2015-02-21 17:44 - 27721680 _____ (pdfforge ) C:\Users\-\Downloads\PDFCreator-2_0_2-setup.exe
2015-02-21 06:52 - 2015-02-21 06:52 - 00000000 ____D () C:\Users\-\AppData\Roaming\Avira
2015-02-20 05:07 - 2015-02-20 05:07 - 00001389 _____ () C:\Users\-\Desktop\mom schicken.txt
2015-02-19 18:51 - 2015-03-01 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-13 23:43 - 2015-03-02 13:51 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-13 23:43 - 2015-02-13 23:43 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-13 14:26 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-13 14:26 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 02:51 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-12 02:51 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-12 02:51 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-12 02:51 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-12 02:51 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-12 02:51 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-12 02:51 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-12 02:51 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-12 02:51 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-12 02:51 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-12 02:51 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-12 02:51 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-12 02:51 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-12 02:50 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-12 02:50 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-12 02:50 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-12 02:50 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-12 02:50 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-12 02:50 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-12 02:50 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-12 02:50 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-12 02:50 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-12 02:50 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-12 02:50 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-12 02:50 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-12 02:50 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-12 02:50 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-12 02:50 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-12 02:50 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-12 02:50 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-12 02:50 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-12 02:50 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-12 02:50 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-12 02:50 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-12 02:50 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-12 02:50 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-12 02:50 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-12 02:50 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-12 02:50 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-12 02:50 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-12 02:50 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-12 02:50 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-12 02:50 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-12 02:50 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-12 02:50 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-12 02:50 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-12 02:50 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-12 02:50 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-12 02:50 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-12 02:50 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-12 02:49 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-12 02:49 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 14:44 - 2013-11-30 17:29 - 00000000 ____D () C:\Users\-
2015-03-02 14:43 - 2014-05-11 13:43 - 00000000 ____D () C:\Users\-\Desktop\ipodfotos
2015-03-02 14:36 - 2012-10-31 18:26 - 00000000 ____D () C:\Users\-\Desktop\start
2015-03-02 14:07 - 2013-01-21 18:03 - 00000000 ____D () C:\Users\-\AppData\Roaming\Skype
2015-03-02 14:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-02 13:51 - 2015-01-26 14:00 - 01147212 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-02 13:40 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing
2015-03-02 13:24 - 2013-07-22 10:34 - 00000000 ____D () C:\Users\-\Documents\Citavi 4
2015-03-02 12:42 - 2014-11-29 18:48 - 00000000 ____D () C:\Users\-\AppData\Roaming\ALDITALKVerbindungsassistent
2015-03-02 12:42 - 2013-07-15 11:38 - 00000000 ___RD () C:\Users\-\Dropbox
2015-03-02 12:35 - 2013-01-24 19:32 - 00000000 ____D () C:\Users\-\Documents\CyberLink
2015-03-02 12:33 - 2012-10-31 16:34 - 00000000 ____D () C:\Users\-\Documents\Bluetooth Folder
2015-03-02 12:31 - 2014-12-31 21:48 - 00000000 ____D () C:\Users\-\Desktop\schatzi ordner#
2015-03-02 12:09 - 2014-01-31 12:45 - 00000000 ___DO () C:\Users\-\SkyDrive
2015-03-02 11:42 - 2014-05-21 06:50 - 00000344 _____ () C:\WINDOWS\Tasks\GlaryInitialize 5.job
2015-03-02 02:06 - 2012-11-07 16:31 - 00000000 ____D () C:\Users\-\AppData\Local\CrashDumps
2015-03-01 23:45 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-01 22:29 - 2012-10-31 16:39 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3774421412-1007907057-219690849-1002
2015-03-01 22:13 - 2012-08-23 04:34 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-03-01 22:02 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-01 22:01 - 2015-01-26 20:24 - 00006596 _____ () C:\WINDOWS\PFRO.log
2015-03-01 22:01 - 2015-01-26 14:27 - 00008729 _____ () C:\WINDOWS\setupact.log
2015-03-01 22:01 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-01 22:01 - 2012-10-31 16:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-01 21:58 - 2012-08-05 23:44 - 00000000 ____D () C:\WINDOWS\Sec
2015-03-01 21:58 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-03-01 20:52 - 2012-08-23 04:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-01 20:51 - 2012-08-23 05:35 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-03-01 20:48 - 2012-10-31 21:21 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2015-03-01 19:39 - 2014-07-12 13:59 - 00000000 ____D () C:\AdwCleaner
2015-03-01 14:55 - 2013-09-30 05:14 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-01 14:55 - 2013-09-30 04:56 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-01 14:55 - 2013-09-30 04:56 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-01 03:06 - 2012-10-31 20:52 - 00000000 ____D () C:\Users\-\AppData\Roaming\vlc
2015-02-27 17:26 - 2012-08-23 04:34 - 00003040 _____ () C:\WINDOWS\System32\Tasks\SAgent
2015-02-27 16:58 - 2014-05-21 06:50 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-02-25 17:04 - 2012-10-31 18:22 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2015-02-24 14:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-18 14:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-14 04:23 - 2012-10-31 18:54 - 00000000 ____D () C:\Users\-\AppData\Roaming\Spotify
2015-02-14 03:24 - 2013-05-17 19:12 - 00000000 ____D () C:\Users\-\AppData\Roaming\Spotydl
2015-02-14 03:19 - 2012-10-31 19:04 - 00000000 ____D () C:\Users\-\AppData\Local\Spotify
2015-02-13 23:44 - 2012-10-31 20:58 - 00000000 ____D () C:\Users\-\AppData\Local\Adobe
2015-02-12 11:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 10:34 - 2013-12-17 16:09 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-12 10:27 - 2013-08-22 15:44 - 00362760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-12 03:44 - 2013-08-21 12:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 03:35 - 2012-12-14 16:42 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 21:29 - 2015-01-24 18:20 - 00000000 ____D () C:\Users\-\AppData\Roaming\Atheros
2015-02-03 20:31 - 2014-05-17 08:26 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-05-17 08:26 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-01 21:54 - 2012-10-31 16:30 - 00000000 ____D () C:\Users\-\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2012-11-01 12:21 - 2015-01-09 00:00 - 0007597 _____ () C:\Users\-\AppData\Local\resmon.resmoncfg
2014-07-19 21:21 - 2014-07-19 21:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-08-23 05:42 - 2012-08-08 05:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-08-23 05:42 - 2012-08-07 11:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-01 22:29

==================== End Of Log ============================
--- --- ---
--- --- ---
--- --- ---
--- --- ---
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015
Ran by - at 2015-03-02 14:48:53
Running from C:\Users\-\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)
Alternate Pic View 1.425 (HKLM-x32\...\Alternate Pic View_is1) (Version:  - Alternate Tools)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG6400 series Benutzerregistrierung (HKLM-x32\...\Canon MG6400 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MG6400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6400_series) (Version: 1.01 - Canon Inc.)
Canon MG6400 series On-screen Manual (HKLM-x32\...\Canon MG6400 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4415.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ETDWare X64 11.7.18.2_WHQL (HKLM\...\Elantech) (Version: 11.7.18.2 - ELAN Microelectronic Corp.)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.)
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Glary Utilities 5.0 (HKLM-x32\...\Glary Utilities 5) (Version: 5.0.0.1 - Glarysoft Ltd)
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.5.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
NVIDIA Graphics Driver 305.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.46 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7055 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.12.18 - Samsung Electronics CO., LTD.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
S Agent (Version: 1.1.51 - Samsung Electronics CO., LTD.) Hidden
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.13.201409122125 - Sony Mobile Communications AB)
Sony PC Companion 2.10.245 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.245 - Sony)
Spotify (HKU\S-1-5-21-3774421412-1007907057-219690849-1001\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Spotify (HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spotydl 0.9.14 (HKLM-x32\...\Spotydl_is1) (Version: 0.9.14 - spotydl.com)
Support Center (HKLM\...\{332518C0-0D31-4FFA-9D15-24C9C3D70B08}) (Version: 2.0.7 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{1687FC01-135F-4ADE-B828-B461CC74BD8A}) (Version: 2.2.4 - Samsung Electronics CO., LTD.)
SWFPlayer 2.6.2.0 (HKLM-x32\...\SWFPlayer_is1) (Version: 2.6.2.0 - Michael Faust, Alpha Interactive)
User Guide (HKLM-x32\...\{039EA659-E421-45C6-8913-BED5D69B5536}) (Version: 1.1.00 - Samsung Electronics CO., LTD.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)
WinRAR 5.10 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.1 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3774421412-1007907057-219690849-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\-\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points  =========================

01-03-2015 20:12:46 Removed Bonjour

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05468152-0B1E-44C3-B517-C491346F1D90} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0A99B9E9-A1AF-4C2F-A0CD-214C11B1900F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {2D25E92D-F9CC-43D8-AAA5-E3303E935525} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-05-14] (Glarysoft Ltd)
Task: {3EEF9F8E-295C-4E42-9264-41C1262030F9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-13] (Adobe Systems Incorporated)
Task: {47AFA574-7503-4D40-80AE-18D62BFA2E13} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-10-29] (Samsung Electronics CO., LTD.)
Task: {77F71704-E625-400A-8F71-9DA6CC8782D3} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2014-11-12] (SEC)
Task: {7A25B493-539C-48C2-8D1E-8F128716DEEA} - System32\Tasks\{8378029A-814D-4215-9A77-DEF77C35981C} => pcalua.exe -a E:\.\Setup.exe -d E:\ -c AUTORUN=1
Task: {7CDF6B51-4BDF-4820-B165-664C4A3269A3} - System32\Tasks\{183BE2E9-43C2-40CD-AFDA-E6D3F285BE3F} => pcalua.exe -a C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_235_Plugin.exe -c -maintain plugin
Task: {831C0EFA-1DB7-41A3-93CA-3DFFBD89A5DC} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2014-01-29] (Samsung Electronics CO., LTD.)
Task: {8EC28373-BC22-4611-808B-90845C2F9162} - \DSite No Task File <==== ATTENTION
Task: {A249F33D-442C-4CF4-9A62-973689817110} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {B1DB9514-EC55-4F2D-9689-573773EBAAF6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {B8E50768-06E3-4D6E-8E92-B62DC06C4E2D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {BF74403E-4BE6-475A-AB3B-71F33BC068BD} - System32\Tasks\{0170AE36-7A68-4E7A-80A3-C73135927424} => pcalua.exe -a "C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
Task: {CD9F2675-4FF6-490E-88C0-841436E8E7BB} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-05-14] (Glarysoft Ltd)
Task: {E659995D-DEF8-4A7C-8461-ED58DFC13190} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-12] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe

==================== Loaded Modules (whitelisted) ==============

2011-04-11 14:26 - 2011-04-11 14:26 - 00034304 _____ () C:\WINDOWS\System32\spd__l.dll
2014-09-18 11:06 - 2014-09-18 11:06 - 00034304 _____ () C:\WINDOWS\System32\ssm1mlm.dll
2014-11-29 18:48 - 2014-11-30 15:25 - 00358968 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2014-05-04 23:26 - 2014-02-03 08:40 - 01701176 _____ () c:\windows\syswow64\mpk\lsynchost.exe
2013-03-30 17:28 - 2014-03-31 13:54 - 00725816 _____ () c:\windows\syswow64\mpk\MPK64.dll
2013-03-30 17:28 - 2014-03-31 13:52 - 01848632 _____ () c:\windows\syswow64\mpk\MPK.exe
2014-01-29 12:20 - 2014-01-29 12:20 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-05-04 23:26 - 2014-03-31 13:54 - 00079160 _____ () c:\windows\syswow64\mpk\MpkL64.exe
2013-09-25 03:04 - 2013-09-25 03:04 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-25 03:01 - 2013-09-25 03:01 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-25 03:08 - 2013-09-25 03:08 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2012-08-16 03:26 - 2012-08-16 03:26 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-29 18:48 - 2014-11-30 15:25 - 00510520 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2014-11-29 18:48 - 2014-11-30 15:25 - 01792568 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-19 19:04 - 2013-09-16 11:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-01-29 12:20 - 2014-01-29 12:20 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2014-01-29 12:20 - 2014-01-29 12:20 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2014-01-29 12:20 - 2014-01-29 12:20 - 01141056 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2014-01-29 12:20 - 2014-01-29 12:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2014-01-29 12:20 - 2014-01-29 12:20 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2014-01-29 12:20 - 2014-01-29 12:20 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2014-01-29 12:20 - 2014-01-29 12:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2014-01-29 12:20 - 2014-01-29 12:20 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2014-01-29 12:20 - 2014-01-29 12:20 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2015-01-26 20:44 - 2015-01-26 20:44 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-29 18:48 - 2014-11-30 15:25 - 00102400 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDatabase.dll
2014-11-29 18:48 - 2014-11-30 15:25 - 00200704 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDetection.dll
2014-11-29 18:48 - 2014-11-30 15:25 - 00086016 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDialup.dll
2014-11-29 18:48 - 2014-11-30 15:25 - 00090112 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgPorts.dll
2014-11-29 18:48 - 2014-11-30 15:25 - 00106496 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgUtil.dll
2014-11-29 18:48 - 2014-11-30 15:25 - 00012288 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WTGDebugs.dll
2014-11-29 18:48 - 2014-11-30 15:25 - 00073728 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDriverInstall.dll
2014-11-29 18:48 - 2014-11-30 15:25 - 00569344 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgCore.dll
2014-11-29 18:48 - 2014-11-30 15:25 - 00204800 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\LiveBoxCM.dll
2014-11-29 18:48 - 2014-11-30 15:25 - 00139264 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgBluetooth.dll
2014-11-29 18:48 - 2007-02-27 18:44 - 00823296 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\LIBEAY32.dll
2014-11-29 18:48 - 2014-11-30 15:25 - 00126976 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgWiFi.dll
2014-11-29 18:48 - 2010-12-02 07:33 - 01097728 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\NDISAPI.dll
2014-11-29 18:48 - 2014-11-30 15:25 - 00614400 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WTGXMLUtil.dll
2014-11-29 18:48 - 2014-11-30 15:25 - 00303104 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WTGSMSPCClient.Dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\-\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3774421412-1007907057-219690849-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\-\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 212.23.103.9 - 212.23.103.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^Users^-^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\windows\pss\Facebook Messenger.lnk.Startup
MSCONFIG\startupfolder: C:^Users^-^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\WINDOWS\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\-\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\StartupApproved\Run: => "GUDelayStartup"

==================== Accounts: =============================

- (S-1-5-21-3774421412-1007907057-219690849-1002 - Administrator - Enabled) => C:\Users\-
Administrator (S-1-5-21-3774421412-1007907057-219690849-500 - Administrator - Disabled)
Gast (S-1-5-21-3774421412-1007907057-219690849-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3774421412-1007907057-219690849-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-3774421412-1007907057-219690849-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/02/2015 02:36:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Error: (03/02/2015 02:36:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (03/02/2015 01:39:12 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4

Error: (03/02/2015 01:39:11 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (03/02/2015 01:39:11 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4

Error: (03/02/2015 01:39:11 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll4

Error: (03/02/2015 02:00:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe, Version: 16.0.0.305, Zeitstempel: 0x54cff379
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x02684e50
ID des fehlerhaften Prozesses: 0x1440
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_16_0_0_305.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_16_0_0_305.exe2
Berichtskennung: FlashPlayerPlugin_16_0_0_305.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_16_0_0_305.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_16_0_0_305.exe5

Error: (03/01/2015 10:40:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/01/2015 08:39:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbam.exe, Version 1.0.1.711 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 16e8

Startzeit: 01d0544cdc7a47e1

Endzeit: 11

Anwendungspfad: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Berichts-ID: aba28cc0-c04a-11e4-bfeb-001e101f42e5

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/01/2015 08:16:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17b8

Startzeit: 01d05451f12372a3

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 5d23c480-c046-11e4-bfeb-001e101f42e5

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (03/02/2015 01:03:58 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FRITZ-NAS",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{FD296FC5-A9E0-4C8E-8AD0-D6E46F6F7403}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/02/2015 00:15:55 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FRITZ-NAS",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{FD296FC5-A9E0-4C8E-8AD0-D6E46F6F7403}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/02/2015 01:39:17 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FRITZ-NAS",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{FD296FC5-A9E0-4C8E-8AD0-D6E46F6F7403}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/01/2015 08:50:59 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FRITZ-NAS",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{FD296FC5-A9E0-4C8E-8AD0-D6E46F6F7403}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/01/2015 08:03:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/01/2015 07:38:57 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FRITZ-NAS",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{FD296FC5-A9E0-4C8E-8AD0-D6E46F6F7403}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/01/2015 05:02:45 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FRITZ-NAS",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{FD296FC5-A9E0-4C8E-8AD0-D6E46F6F7403}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/01/2015 04:48:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎01.‎03.‎2015 um 16:32:26 unerwartet heruntergefahren.

Error: (03/01/2015 02:48:19 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (03/01/2015 01:25:48 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FRITZ-NAS",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{FD296FC5-A9E0-4C8E-8AD0-D6E46F6F7403}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (03/02/2015 02:36:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\$Recycle.Bin\S-1-5-21-3774421412-1007907057-219690849-1002\$RYGD91N.exe

Error: (03/02/2015 02:36:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\$Recycle.Bin\S-1-5-21-3774421412-1007907057-219690849-1002\$RZHH0D4.exe

Error: (03/02/2015 01:39:12 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4

Error: (03/02/2015 01:39:11 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (03/02/2015 01:39:11 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4

Error: (03/02/2015 01:39:11 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll4

Error: (03/02/2015 02:00:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_16_0_0_305.exe16.0.0.30554cff379unknown0.0.0.000000000c00001a502684e50144001d054843fbf0978C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exeunknown7eff3898-c077-11e4-bfec-20689d529cf9

Error: (03/01/2015 10:40:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/01/2015 08:39:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.1.71116e801d0544cdc7a47e111C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeaba28cc0-c04a-11e4-bfeb-001e101f42e5

Error: (03/01/2015 08:16:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068917b801d05451f12372a34294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe5d23c480-c046-11e4-bfeb-001e101f42e5microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1


CodeIntegrity Errors:
===================================
  Date: 2013-11-30 17:52:48.348
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Definition Updates\{D4C7FB14-A336-4BE2-93DA-9D7E1C5E7F1F}\mpengine.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-11-30 17:52:46.207
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Definition Updates\{664DDE36-C4D2-491C-94B6-987B98173A9B}\mpengine.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz
Percentage of memory in use: 53%
Total physical RAM: 3795.54 MB
Available physical RAM: 1758.2 MB
Total Pagefile: 4435.54 MB
Available Pagefile: 2126.21 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:439.31 GB) (Free:395.97 GB) NTFS
Drive d: (Disc) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive e: (Disk) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
Drive g: () (Fixed) (Total:298.09 GB) (Free:198.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0014168A)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 44FDFE06)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

schrauber 03.03.2015 07:09
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

L3n0r3 04.03.2015 00:56
Anmerkung zum MBAM log:

  • nach Beendigung des Suchlaufs und Klick auf "Aktionen anwenden" --> ca. 5 Minuten "(Keine Rückmeldung)"
  • als es endlich abgeschglossen war, habe ich einen Neustart durchgeführt --> Windows-Meldung "Features werden verarbeitet...."
  • Nach MBAM-Start und Klicken auf "Verlauf" --> ca. 6 Min. "(Keine Rückmeldung)"
  • der heutige Suchlauf war ca. 22:00 beendet, angezeigt wurde unter "Suchlauf" - "Anwendungsprotokoll" jedoch nur der vom 02.03. (hatte das Prog. gestern schon installiert und mal drüber gejagt, vorhin aber zuerst de- und dann neuinstalliert).
  • wollte Log wie beschrieben speichern --> ca. 15 Min. "(Keine Rückmeldung)"
Wo sieht man bitte die bereits geschriebenen Zeichen eines Beitrags? mbam.txt ist mit 1,27 MB zu groß fürs Einfügen :killpc:
Das Anhängen hat auch nicht geklappt.

Ich schicke einfach mal die restlichen drei logs, in der Hoffnung, dass das irgendwas bringt.

AdwCleaner Logfile:
Code:
# AdwCleaner v4.111 - Bericht erstellt 03/03/2015 um 23:23:32
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Lokal]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : - - SUPERHUHN
# Gestarted von : C:\Users\-\Desktop\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****

Task Gelöscht : DSite

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\webssearchesSoftware
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;192.168.*.*

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v35.0.1 (x86 de)

[1pd4fa4x.default-1420750732713\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[1pd4fa4x.default-1420750732713\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "webssearches");
[1pd4fa4x.default-1420750732713\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://istart.webssearches.com/favicon.ico");
[1pd4fa4x.default-1420750732713\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "webssearches");
[1pd4fa4x.default-1420750732713\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://istart.webssearches.com/web/?type=ds&ts=1422584475&from=cvs1&uid=ST500LM012XHN-M500MBB_S2RSJ9CC837427&q={searchTerms}");
[1pd4fa4x.default-1420750732713\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "webssearches");
[1pd4fa4x.default-1420750732713\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[1pd4fa4x.default-1420750732713\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R1].txt - [6007 Bytes] - [01/03/2015 19:33:03]
AdwCleaner[R2].txt - [6076 Bytes] - [03/03/2015 23:18:54]
AdwCleaner[S1].txt - [4651 Bytes] - [03/03/2015 23:23:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4710  Bytes] ##########
--- --- ---

JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 8.1 x64
Ran by - on 03.03.2015 at 23:30:50,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\-\AppData\Roaming\mozilla\firefox\profiles\1pd4fa4x.default-1420750732713\prefs.js

user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "cvs1");
user_pref("browser.search.searchengine.uid", "ST500LM012XHN-M500MBB_S2RSJ9CC837427");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.03.2015 at 23:35:53,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by - (administrator) on SUPERHUHN on 03-03-2015 23:37:40
Running from C:\Users\-\Desktop
Loaded Profiles: UpdatusUser & - (Available profiles: UpdatusUser & -)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\MPK\lsynchost.exe
() C:\Windows\SysWOW64\MPK\lsynchost.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Thisisu) C:\Users\-\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-09-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Atheros Communications))
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\...\MountPoints2: {6fe46d1d-3af4-11e3-bf0d-20689d529cf9} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\...\MountPoints2: {f047934c-baa3-11e3-bf41-20689d529cf9} - "E:\Startme.exe"
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\...\MountPoints2: {fcecff43-b157-11e3-bf3e-20689d529cf9} - "E:\setup.exe" -a
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {094e4444-77ef-11e4-bfab-20689d529cf9} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {09753480-b22c-11e4-bfdf-20689d529cf9} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {0c04df42-5859-11e4-bf99-806e6f6e6963} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {6fe46d1d-3af4-11e3-bf0d-20689d529cf9} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {f047934c-baa3-11e3-bf41-20689d529cf9} - "E:\Startme.exe"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {fcecff43-b157-11e3-bf3e-20689d529cf9} - "E:\setup.exe" -a
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll File Not Found
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1001 -> {0AD69A11-BE0B-4770-8FD4-BF91E4435485} URL =
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {0AD69A11-BE0B-4770-8FD4-BF91E4435485} URL =
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713
FF DefaultSearchEngine: LEO Eng-Deu
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Multirow Bookmarks Toolbar Plus - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2015-01-08]
FF Extension: NoScript - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-23]
FF Extension: Adblock Plus - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-08]
FF Extension: Tab Mix Plus - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-01-08]
FF Extension: Multirow Bookmarks Toolbar - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713\Extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.xpi [2015-01-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-07-22]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-14]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx [2013-07-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2014-11-30] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-06] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MainLSyncHost; c:\windows\syswow64\mpk\lsynchost.exe [1701176 2014-02-03] ()
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2015-01-06] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
U4 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43064 2014-10-17] (Avira Operations GmbH & Co. KG)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2013-09-25] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [138752 2014-11-29] (Huawei Technologies Co., Ltd.)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-09-27] (Sony Mobile Communications)
R0 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-05-21] (Glarysoft Ltd)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-09-14] (Windows (R) 2003 DDK 3790 provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S0 BMLoad; system32\drivers\BMLoad.sys [X]
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X]
S3 BTCFilterService; \SystemRoot\system32\DRIVERS\motfilt.sys [X]
S3 HSPADataCardusbmdm; \SystemRoot\system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; \SystemRoot\system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; \SystemRoot\system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 motccgp; \SystemRoot\System32\drivers\motccgp.sys [X]
S3 motccgpfl; \SystemRoot\System32\drivers\motccgpfl.sys [X]
S3 motmodem; \SystemRoot\system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; \SystemRoot\System32\drivers\motswch.sys [X]
S3 Motousbnet; \SystemRoot\system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; \SystemRoot\System32\drivers\motusbdevice.sys [X]
S1 tcpipBM; \??\C:\WINDOWS\system32\drivers\tcpipBM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 23:35 - 2015-03-03 23:35 - 00000998 _____ () C:\Users\-\Desktop\JRT.txt
2015-03-03 23:30 - 2015-03-03 23:30 - 00065536 _____ () C:\WINDOWS\system32\Ikeext.etl
2015-03-03 23:27 - 2015-03-03 23:27 - 00004818 _____ () C:\Users\-\Desktop\AdwCleaner[S1].txt
2015-03-03 23:27 - 2015-03-03 23:27 - 00000000 ___RD () C:\Users\-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-03-03 23:17 - 2015-03-03 23:17 - 01388333 _____ (Thisisu) C:\Users\-\Desktop\JRT.exe
2015-03-03 23:16 - 2015-03-03 23:16 - 02126848 _____ () C:\Users\-\Desktop\AdwCleaner_4.111.exe
2015-03-03 23:04 - 2015-03-03 23:04 - 01338935 _____ () C:\Users\-\Desktop\mbam.txt
2015-03-03 21:06 - 2015-03-03 22:37 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-03 21:05 - 2015-03-03 21:05 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-03 21:04 - 2015-03-03 21:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-03 21:04 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-03 21:04 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-03 21:04 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-03 21:02 - 2015-03-03 21:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\-\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-02 17:56 - 2015-03-02 17:56 - 00011720 _____ () C:\Users\-\Desktop\Ereignisse AviraAntivir.txt
2015-03-02 14:48 - 2015-03-02 14:50 - 00036171 _____ () C:\Users\-\Desktop\Addition.txt
2015-03-02 14:46 - 2015-03-03 23:37 - 00017912 _____ () C:\Users\-\Desktop\FRST.txt
2015-03-02 14:46 - 2015-03-03 23:37 - 00000000 ____D () C:\FRST
2015-03-02 14:44 - 2015-03-02 14:44 - 00000464 _____ () C:\Users\-\Desktop\defogger_disable.log
2015-03-02 14:44 - 2015-03-02 14:44 - 00000000 _____ () C:\Users\-\defogger_reenable
2015-03-02 14:42 - 2015-03-02 14:42 - 02092544 _____ (Farbar) C:\Users\-\Desktop\FRST64.exe
2015-03-02 14:42 - 2015-03-02 14:42 - 00380416 _____ () C:\Users\-\Desktop\Gmer-19357.exe
2015-03-02 14:15 - 2014-11-28 13:02 - 01983192 _____ (Secunia) C:\Users\-\Desktop\psi.exe
2015-03-02 13:05 - 2015-03-02 13:05 - 00050477 _____ () C:\Users\-\Desktop\Defogger.exe
2015-03-01 23:39 - 2015-03-01 23:39 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Aufgaben der Ereignisanzeige
2015-03-01 22:07 - 2015-03-01 22:07 - 00003114 _____ () C:\WINDOWS\System32\Tasks\{0170AE36-7A68-4E7A-80A3-C73135927424}
2015-03-01 20:15 - 2015-03-01 20:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-01 20:00 - 2015-03-01 20:25 - 00000691 _____ () C:\WINDOWS\SecuniaPackage.log
2015-03-01 19:20 - 2015-03-01 19:20 - 00000000 ____D () C:\Users\-\AppData\Local\Secunia PSI
2015-03-01 19:20 - 2015-03-01 19:20 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-03-01 16:55 - 2015-03-01 16:55 - 05490752 _____ (Secunia) C:\Users\-\Downloads\PSISetup10004.exe
2015-03-01 16:30 - 2015-03-01 16:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\-\Downloads\revosetup95.exe
2015-03-01 16:18 - 2015-03-01 16:18 - 02126848 _____ () C:\Users\-\Downloads\AdwCleaner_4.111.exe
2015-03-01 15:34 - 2015-03-01 15:36 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\-\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-28 22:06 - 2015-02-28 22:06 - 00000000 ____D () C:\Users\-\Downloads\WindowsShortcutArrowEditor
2015-02-28 22:05 - 2015-02-28 22:05 - 00828938 _____ () C:\Users\-\Downloads\WindowsShortcutArrowEditor.zip
2015-02-25 12:01 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 12:01 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-22 17:59 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-22 17:59 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-02-22 03:10 - 2015-02-22 03:10 - 00000000 ____D () C:\Users\-\AppData\Local\PDF24
2015-02-22 03:09 - 2015-02-22 03:10 - 00000000 ____D () C:\Program Files (x86)\PDF24
2015-02-22 03:09 - 2015-02-22 03:09 - 00001091 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2015-02-21 20:25 - 2015-02-21 20:26 - 16342352 _____ (Geek Software GmbH ) C:\Users\-\Downloads\pdf24-creator-6.9.2.exe
2015-02-21 17:38 - 2015-02-21 17:44 - 27721680 _____ (pdfforge ) C:\Users\-\Downloads\PDFCreator-2_0_2-setup.exe
2015-02-21 06:52 - 2015-02-21 06:52 - 00000000 ____D () C:\Users\-\AppData\Roaming\Avira
2015-02-20 05:07 - 2015-02-20 05:07 - 00001389 _____ () C:\Users\-\Desktop\mom schicken.txt
2015-02-19 18:51 - 2015-03-01 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-13 23:43 - 2015-03-03 22:51 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-13 23:43 - 2015-02-13 23:43 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-13 14:26 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-13 14:26 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 02:51 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-12 02:51 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-12 02:51 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-12 02:51 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-12 02:51 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-12 02:51 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-12 02:51 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-12 02:51 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-12 02:51 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-12 02:51 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-12 02:51 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-12 02:51 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-12 02:51 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-12 02:50 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-12 02:50 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-12 02:50 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-12 02:50 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-12 02:50 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-12 02:50 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-12 02:50 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-12 02:50 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-12 02:50 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-12 02:50 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-12 02:50 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-12 02:50 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-12 02:50 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-12 02:50 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-12 02:50 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-12 02:50 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-12 02:50 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-12 02:50 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-12 02:50 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-12 02:50 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-12 02:50 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-12 02:50 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-12 02:50 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-12 02:50 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-12 02:50 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-12 02:50 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-12 02:50 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-12 02:50 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-12 02:50 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-12 02:50 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-12 02:50 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-12 02:50 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-12 02:50 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-12 02:50 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-12 02:50 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-12 02:50 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-12 02:50 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-12 02:49 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-12 02:49 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 23:26 - 2015-01-26 14:00 - 01376670 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-03 23:26 - 2014-05-21 06:50 - 00000344 _____ () C:\WINDOWS\Tasks\GlaryInitialize 5.job
2015-03-03 23:26 - 2014-01-31 12:45 - 00000000 __RDO () C:\Users\-\SkyDrive
2015-03-03 23:24 - 2015-01-26 14:27 - 00008883 _____ () C:\WINDOWS\setupact.log
2015-03-03 23:24 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-03 23:24 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-03 23:23 - 2014-07-12 13:59 - 00000000 ____D () C:\AdwCleaner
2015-03-03 23:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing
2015-03-03 23:17 - 2012-11-07 16:31 - 00000000 ____D () C:\Users\-\AppData\Local\CrashDumps
2015-03-03 23:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-03 23:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-03 22:31 - 2015-01-26 20:24 - 00006968 _____ () C:\WINDOWS\PFRO.log
2015-03-03 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-03 21:54 - 2012-10-31 16:39 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3774421412-1007907057-219690849-1002
2015-03-02 22:49 - 2013-09-30 05:14 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-02 22:49 - 2013-09-30 04:56 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-02 22:49 - 2013-09-30 04:56 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-02 14:44 - 2013-11-30 17:29 - 00000000 ____D () C:\Users\-
2015-03-02 14:43 - 2014-05-11 13:43 - 00000000 ____D () C:\Users\-\Desktop\ipodfotos
2015-03-02 14:36 - 2012-10-31 18:26 - 00000000 ____D () C:\Users\-\Desktop\start
2015-03-02 14:07 - 2013-01-21 18:03 - 00000000 ____D () C:\Users\-\AppData\Roaming\Skype
2015-03-02 13:24 - 2013-07-22 10:34 - 00000000 ____D () C:\Users\-\Documents\Citavi 4
2015-03-02 12:42 - 2014-11-29 18:48 - 00000000 ____D () C:\Users\-\AppData\Roaming\ALDITALKVerbindungsassistent
2015-03-02 12:42 - 2013-07-15 11:38 - 00000000 ___RD () C:\Users\-\Dropbox
2015-03-02 12:35 - 2013-01-24 19:32 - 00000000 ____D () C:\Users\-\Documents\CyberLink
2015-03-02 12:33 - 2012-10-31 16:34 - 00000000 ____D () C:\Users\-\Documents\Bluetooth Folder
2015-03-02 12:31 - 2014-12-31 21:48 - 00000000 ____D () C:\Users\-\Desktop\schatzi ordner#
2015-03-01 23:45 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-01 22:13 - 2012-08-23 04:34 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-03-01 22:01 - 2012-10-31 16:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-01 21:58 - 2012-08-05 23:44 - 00000000 ____D () C:\WINDOWS\Sec
2015-03-01 21:58 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-03-01 20:52 - 2012-08-23 04:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-01 20:51 - 2012-08-23 05:35 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-03-01 20:48 - 2012-10-31 21:21 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2015-03-01 03:06 - 2012-10-31 20:52 - 00000000 ____D () C:\Users\-\AppData\Roaming\vlc
2015-02-27 17:26 - 2012-08-23 04:34 - 00003040 _____ () C:\WINDOWS\System32\Tasks\SAgent
2015-02-27 16:58 - 2014-05-21 06:50 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-02-25 17:04 - 2012-10-31 18:22 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2015-02-24 14:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-18 14:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-14 04:23 - 2012-10-31 18:54 - 00000000 ____D () C:\Users\-\AppData\Roaming\Spotify
2015-02-14 03:24 - 2013-05-17 19:12 - 00000000 ____D () C:\Users\-\AppData\Roaming\Spotydl
2015-02-14 03:19 - 2012-10-31 19:04 - 00000000 ____D () C:\Users\-\AppData\Local\Spotify
2015-02-13 23:44 - 2012-10-31 20:58 - 00000000 ____D () C:\Users\-\AppData\Local\Adobe
2015-02-12 10:34 - 2013-12-17 16:09 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-12 10:27 - 2013-08-22 15:44 - 00362760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-12 03:44 - 2013-08-21 12:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 03:35 - 2012-12-14 16:42 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 21:29 - 2015-01-24 18:20 - 00000000 ____D () C:\Users\-\AppData\Roaming\Atheros
2015-02-03 20:31 - 2014-05-17 08:26 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-05-17 08:26 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-01 21:54 - 2012-10-31 16:30 - 00000000 ____D () C:\Users\-\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2012-11-01 12:21 - 2015-01-09 00:00 - 0007597 _____ () C:\Users\-\AppData\Local\resmon.resmoncfg
2014-07-19 21:21 - 2014-07-19 21:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-08-23 05:42 - 2012-08-08 05:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-08-23 05:42 - 2012-08-07 11:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml

Some content of TEMP:
====================
C:\Users\-\AppData\Local\Temp\Quarantine.exe
C:\Users\-\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-01 22:29

==================== End Of Log ============================
--- --- ---
--- --- ---

schrauber 04.03.2015 09:01

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

L3n0r3 05.03.2015 01:24
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9a1b1be036b4ac43886ac52ce29ae12c
# engine=22755
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-05 12:07:32
# local_time=2015-03-05 01:07:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 12771 38932214 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 9442052 39389948 0 0
# scanned=294059
# found=25
# cleaned=0
# scan_time=10734
sh=534999ED85CB0AE3C21385B37B538044EA2AB339 ft=1 fh=28e16a9d033375cd vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3774421412-1007907057-219690849-1002\$RPH3TEU.exe"
sh=E23B4F525376AABA667BCF69A173D1D983A735EE ft=1 fh=f831e0d1679ba3c1 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3774421412-1007907057-219690849-1002\$RQJMHMB.exe"
sh=1DC26BBEAFBAF69A274CAFE534156EACE3A49A8D ft=1 fh=07386e4897eae14b vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\-\Downloads\PDFCreator-2_0_2-setup.exe"
sh=4D1973A3CD9EBD81A67068EFF029B74071D7E071 ft=1 fh=7453b3f74a7f8a36 vn="Win32/Somoto.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\-\Downloads\spotydl_setup.exe"
sh=ECBBFC4A2A1C39C91E887CE505E8335F58FCBA53 ft=1 fh=a9017e075e619bcc vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Windows\System32\MPK\lsynchost.exe"
sh=B70DA6E3F7AF5310002A96778AC4C38798FF70CB ft=1 fh=e952b942dbec37e7 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Windows\System32\MPK\Mpk.dll"
sh=2BE333112861BF6DCA5249479003BF1FDCD9C4C7 ft=1 fh=cfea4eb513a0554d vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Windows\System32\MPK\MPK.exe"
sh=B7E6E904F06D97F850F6E97CD55C08B980695EAA ft=1 fh=e5481da1f987ae49 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Windows\System32\MPK\Mpk64.dll"
sh=5C4C12C1EDD8EE30CC652E546B673682203D1806 ft=1 fh=a1c276b1c923eb68 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Windows\System32\MPK\MpkHCA.dll"
sh=51E33CF4E00C592BDEF329A6B178F0B48C95655C ft=1 fh=343886920e0038c6 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Windows\System32\MPK\MpkHCQ12.dll"
sh=38E69BBC6DA2040322CB1840171E9A40F021B213 ft=1 fh=60167018b5ccc609 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Windows\System32\MPK\MPKInst.exe"
sh=58AFE180DCEE91AC4AFF15D39F56E95DD2E6B89A ft=1 fh=e17afbdbc524d570 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Windows\System32\MPK\MpkL64.exe"
sh=E99A7BD7961692BA1C7BE0B7581FCD7B8E510476 ft=1 fh=8a8e1652dbdfc9d5 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Windows\System32\MPK\MPKView.exe"
sh=00CF1149ABC383782207A59FB36FF26D029DE407 ft=1 fh=f7e4f8173af118ab vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Windows\System32\MPK\unins000.exe"
sh=ECBBFC4A2A1C39C91E887CE505E8335F58FCBA53 ft=1 fh=a9017e075e619bcc vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Windows\SysWOW64\MPK\lsynchost.exe"
sh=B70DA6E3F7AF5310002A96778AC4C38798FF70CB ft=1 fh=e952b942dbec37e7 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Windows\SysWOW64\MPK\Mpk.dll"
sh=2BE333112861BF6DCA5249479003BF1FDCD9C4C7 ft=1 fh=cfea4eb513a0554d vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Windows\SysWOW64\MPK\MPK.exe"
sh=B7E6E904F06D97F850F6E97CD55C08B980695EAA ft=1 fh=e5481da1f987ae49 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Windows\SysWOW64\MPK\Mpk64.dll"
sh=5C4C12C1EDD8EE30CC652E546B673682203D1806 ft=1 fh=a1c276b1c923eb68 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Windows\SysWOW64\MPK\MpkHCA.dll"
sh=51E33CF4E00C592BDEF329A6B178F0B48C95655C ft=1 fh=343886920e0038c6 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Windows\SysWOW64\MPK\MpkHCQ12.dll"
sh=38E69BBC6DA2040322CB1840171E9A40F021B213 ft=1 fh=60167018b5ccc609 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Windows\SysWOW64\MPK\MPKInst.exe"
sh=58AFE180DCEE91AC4AFF15D39F56E95DD2E6B89A ft=1 fh=e17afbdbc524d570 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Windows\SysWOW64\MPK\MpkL64.exe"
sh=E99A7BD7961692BA1C7BE0B7581FCD7B8E510476 ft=1 fh=8a8e1652dbdfc9d5 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Windows\SysWOW64\MPK\MPKView.exe"
sh=00CF1149ABC383782207A59FB36FF26D029DE407 ft=1 fh=f7e4f8173af118ab vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Windows\SysWOW64\MPK\unins000.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="${Memory}"
Code:
Results of screen317's Security Check version 0.99.96 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.10004) 
  Java 64-bit 8 Update 31 
 Adobe Flash Player    16.0.0.305 
 Adobe Reader XI 
 Mozilla Firefox (35.0.1)
 Mozilla Thunderbird (31.5.0)
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by - (administrator) on SUPERHUHN on 05-03-2015 01:20:44
Running from C:\Users\-\Desktop
Loaded Profiles: UpdatusUser & - (Available profiles: UpdatusUser & -)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-

recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file

will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop

\sched.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent

\ALDITALKVerbindungsassistent_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop

\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support

\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite

\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings

\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\MPK\lsynchost.exe
() C:\Windows\SysWOW64\MPK\lsynchost.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira

\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop

\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop

\avwebg7.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology

\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine

Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine

Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine

Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update

Core\daemonu.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
() C:\Windows\SysWOW64\MPK\MPK.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings

\sSettings.exe
() C:\Windows\SysWOW64\MPK\MpkL64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent

\ALDITALKVerbindungsassistent_Launcher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira

\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology

\IAStorIcon.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent

\ALDITALKVerbindungsassistent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to

default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-

09-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage

Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel

\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop

\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira

\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth

Suite\BtvStack.exe [132736 2013-09-25] ( (Atheros Communications))
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\...\RunOnce: [WAB Migrate] =>

C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft

Corporation)
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\...\MountPoints2: {6fe46d1d-

3af4-11e3-bf0d-20689d529cf9} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\...\MountPoints2: {f047934c-

baa3-11e3-bf41-20689d529cf9} - "E:\Startme.exe"
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\...\MountPoints2: {fcecff43-

b157-11e3-bf3e-20689d529cf9} - "E:\setup.exe" -a
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {094e4444-

77ef-11e4-bfab-20689d529cf9} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {09753480-

b22c-11e4-bfdf-20689d529cf9} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {0c04df42-

5859-11e4-bf99-806e6f6e6963} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {6fe46d1d-

3af4-11e3-bf0d-20689d529cf9} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {f047934c-

baa3-11e3-bf41-20689d529cf9} - "E:\Startme.exe"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {fcecff43-

b157-11e3-bf3e-20689d529cf9} - "E:\setup.exe" -a
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll

File Not Found
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be

removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =

hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =

hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

hxxp://www.google.com
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-

E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-

E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-

E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1001 -> {0AD69A11-

BE0B-4770-8FD4-BF91E4435485} URL =
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {0AD69A11-

BE0B-4770-8FD4-BF91E4435485} URL =
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program

Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{0DDABD22-DCE1-45B8-9D0E-3B336F1B2E80}: [NameServer]

212.23.103.8 212.23.103.9

FireFox:
========
FF ProfilePath: C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles

\1pd4fa4x.default-1420750732713
FF DefaultSearchEngine: LEO Eng-Deu
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash

\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash

\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes

\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden

\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:

\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT

\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files

(x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

(Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files

(x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files

(x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files

(x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader

\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Multirow Bookmarks Toolbar Plus - C:\Users\-\AppData\Roaming

\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713\Extensions\{4c7097f7-

08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2015-01-08]
FF Extension: NoScript - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles

\1pd4fa4x.default-1420750732713\Extensions\{73a6fe31-595d-460b-a920-

fcc0f8843232}.xpi [2015-01-23]
FF Extension: Adblock Plus - C:\Users\-\AppData\Roaming\Mozilla\Firefox

\Profiles\1pd4fa4x.default-1420750732713\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-

2b9879e08c5d}.xpi [2015-01-08]
FF Extension: Tab Mix Plus - C:\Users\-\AppData\Roaming\Mozilla\Firefox

\Profiles\1pd4fa4x.default-1420750732713\Extensions\{dc572301-7619-498c-a57d-

39143191b318}.xpi [2015-01-08]
FF Extension: Multirow Bookmarks Toolbar - C:\Users\-\AppData\Roaming\Mozilla

\Firefox\Profiles\1pd4fa4x.default-1420750732713\Extensions\{FBF6D7FB-F305-4445

-BB3D-FEF66579A033}.xpi [2015-01-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST

Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] -

C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi

Picker\Firefox [2013-07-22]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files

(x86)\congstar\Internet-Manager\Bin\addon
FF HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Firefox\Extensions:

[{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files

\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files

(x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-14]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] -

https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:

\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx

[2013-07-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the

registry. The file will not be moved unless listed separately.)

R2 ALDITALKVerbindungsassistent_Service; C:\Program Files

(x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe

[358968 2014-11-30] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop

\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

[431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe

[993584 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448

2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira

\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft

Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer

\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-06]

(ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology

\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS

Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not

signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files

\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R)

Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine

Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel

Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe

[174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine

Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MainLSyncHost; c:\windows\syswow64\mpk\lsynchost.exe [1701176 2014-02-03] ()
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014

-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144

2014-11-28] (Secunia)
S3 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe

[3000664 2015-01-06] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22]

(Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22]

(Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite

\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the

registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm

Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-17] (Avira

Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-17] (Avira

Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira

Operations GmbH & Co. KG)
U4 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43064 2014-10-17] (Avira

Operations GmbH & Co. KG)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2013-09-25]

(Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25]

(Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04]

(Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys

[168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-

06-25] (CyberLink)
R3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [138752 2014-11-29]

(Huawei Technologies Co., Ltd.)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-09-27] (Sony

Mobile Communications)
R0 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-05-

21] (Glarysoft Ltd)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16]

(Intel Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28]

(Secunia)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27]

(Windows (R) Win 7 DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-09-14] (Windows

(R) 2003 DDK 3790 provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22]

(Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29]

(Microsoft Corporation)
S0 BMLoad; system32\drivers\BMLoad.sys [X]
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X]
S3 BTCFilterService; \SystemRoot\system32\DRIVERS\motfilt.sys [X]
S3 HSPADataCardusbmdm; \SystemRoot\system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; \SystemRoot\system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; \SystemRoot\system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 motccgp; \SystemRoot\System32\drivers\motccgp.sys [X]
S3 motccgpfl; \SystemRoot\System32\drivers\motccgpfl.sys [X]
S3 motmodem; \SystemRoot\system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; \SystemRoot\System32\drivers\motswch.sys [X]
S3 Motousbnet; \SystemRoot\system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; \SystemRoot\System32\drivers\motusbdevice.sys [X]
S1 tcpipBM; \??\C:\WINDOWS\system32\drivers\tcpipBM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry.

Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 01:20 - 2015-03-05 01:20 - 00000812 _____ () C:\Users\-\Desktop

\checkup.txt
2015-03-04 21:56 - 2015-03-04 21:56 - 00852594 _____ () C:\Users\-\Desktop

\SecurityCheck.exe
2015-03-04 21:47 - 2015-03-04 21:47 - 02347384 _____ (ESET) C:\Users\-\Desktop

\esetsmartinstaller_deu.exe
2015-03-04 21:26 - 2015-03-04 21:26 - 00000000 ___RD () C:\Users\-\AppData

\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-03-03 23:35 - 2015-03-03 23:35 - 00000998 _____ () C:\Users\-\Desktop

\JRT.txt
2015-03-03 23:30 - 2015-03-03 23:30 - 00065536 _____ () C:\WINDOWS

\system32\Ikeext.etl
2015-03-03 23:27 - 2015-03-03 23:27 - 00004818 _____ () C:\Users\-\Desktop

\AdwCleaner[S1].txt
2015-03-03 23:17 - 2015-03-03 23:17 - 01388333 _____ (Thisisu) C:\Users\-

\Desktop\JRT.exe
2015-03-03 23:16 - 2015-03-03 23:16 - 02126848 _____ () C:\Users\-\Desktop

\AdwCleaner_4.111.exe
2015-03-03 23:04 - 2015-03-03 23:04 - 01338935 _____ () C:\Users\-\Desktop

\mbam.txt
2015-03-03 21:06 - 2015-03-03 22:37 - 00129752 _____ (Malwarebytes Corporation)

C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-03 21:05 - 2015-03-03 21:05 - 00001114 _____ () C:\Users\Public\Desktop

\Malwarebytes Anti-Malware.lnk
2015-03-03 21:04 - 2015-03-03 21:05 - 00000000 ____D () C:\Program Files

(x86)\Malwarebytes Anti-Malware
2015-03-03 21:04 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation)

C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-03 21:04 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation)

C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-03 21:04 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation)

C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-03 21:02 - 2015-03-03 21:03 - 20447072 _____ (Malwarebytes Corporation )

C:\Users\-\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-02 14:48 - 2015-03-02 14:50 - 00036171 _____ () C:\Users\-\Desktop

\Addition.txt
2015-03-02 14:46 - 2015-03-05 01:20 - 00018017 _____ () C:\Users\-\Desktop

\FRST.txt
2015-03-02 14:46 - 2015-03-05 01:20 - 00000000 ____D () C:\FRST
2015-03-02 14:44 - 2015-03-02 14:44 - 00000000 _____ () C:\Users\-

\defogger_reenable
2015-03-02 14:42 - 2015-03-02 14:42 - 02092544 _____ (Farbar) C:\Users\-

\Desktop\FRST64.exe
2015-03-02 14:42 - 2015-03-02 14:42 - 00380416 _____ () C:\Users\-\Desktop

\Gmer-19357.exe
2015-03-02 14:15 - 2014-11-28 13:02 - 01983192 _____ (Secunia) C:\Users\-

\Desktop\psi.exe
2015-03-02 13:05 - 2015-03-02 13:05 - 00050477 _____ () C:\Users\-\Desktop

\Defogger.exe
2015-03-01 23:39 - 2015-03-01 23:39 - 00000000 ____D () C:\WINDOWS

\System32\Tasks\Aufgaben der Ereignisanzeige
2015-03-01 22:07 - 2015-03-01 22:07 - 00003114 _____ () C:\WINDOWS

\System32\Tasks\{0170AE36-7A68-4E7A-80A3-C73135927424}
2015-03-01 20:15 - 2015-03-01 20:15 - 00000000 ____D () C:\Program Files

(x86)\VS Revo Group
2015-03-01 20:00 - 2015-03-01 20:25 - 00000691 _____ () C:\WINDOWS

\SecuniaPackage.log
2015-03-01 19:20 - 2015-03-01 19:20 - 00000000 ____D () C:\Users\-\AppData

\Local\Secunia PSI
2015-03-01 19:20 - 2015-03-01 19:20 - 00000000 ____D () C:\Program Files

(x86)\Secunia
2015-03-01 16:55 - 2015-03-01 16:55 - 05490752 _____ (Secunia) C:\Users\-

\Downloads\PSISetup10004.exe
2015-03-01 16:30 - 2015-03-01 16:30 - 02623656 _____ (VS Revo Group Ltd.) C:

\Users\-\Downloads\revosetup95.exe
2015-03-01 16:18 - 2015-03-01 16:18 - 02126848 _____ () C:\Users\-\Downloads

\AdwCleaner_4.111.exe
2015-03-01 15:34 - 2015-03-01 15:36 - 20447072 _____ (Malwarebytes Corporation )

C:\Users\-\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-28 22:06 - 2015-02-28 22:06 - 00000000 ____D () C:\Users\-\Downloads

\WindowsShortcutArrowEditor
2015-02-28 22:05 - 2015-02-28 22:05 - 00828938 _____ () C:\Users\-\Downloads

\WindowsShortcutArrowEditor.zip
2015-02-25 12:01 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS

\SysWOW64\locale.nls
2015-02-25 12:01 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS

\system32\locale.nls
2015-02-22 17:59 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-22 17:59 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:

\WINDOWS\system32\aspnet_counters.dll
2015-02-22 03:10 - 2015-02-22 03:10 - 00000000 ____D () C:\Users\-\AppData

\Local\PDF24
2015-02-22 03:09 - 2015-02-22 03:10 - 00000000 ____D () C:\Program Files

(x86)\PDF24
2015-02-22 03:09 - 2015-02-22 03:09 - 00001091 _____ () C:\Users\Public\Desktop

\PDF24 Creator.lnk
2015-02-21 20:25 - 2015-02-21 20:26 - 16342352 _____ (Geek Software GmbH ) C:

\Users\-\Downloads\pdf24-creator-6.9.2.exe
2015-02-21 17:38 - 2015-02-21 17:44 - 27721680 _____ (pdfforge ) C:\Users\-

\Downloads\PDFCreator-2_0_2-setup.exe
2015-02-21 06:52 - 2015-02-21 06:52 - 00000000 ____D () C:\Users\-\AppData

\Roaming\Avira
2015-02-20 05:07 - 2015-02-20 05:07 - 00001389 _____ () C:\Users\-\Desktop\mom

schicken.txt
2015-02-19 18:51 - 2015-03-01 20:24 - 00000000 ____D () C:\Program Files

(x86)\Mozilla Thunderbird
2015-02-13 23:43 - 2015-03-05 00:51 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe

Flash Player Updater.job
2015-02-13 23:43 - 2015-02-13 23:43 - 00003772 _____ () C:\WINDOWS

\System32\Tasks\Adobe Flash Player Updater
2015-02-13 14:26 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:

\WINDOWS\system32\jscript9.dll
2015-02-13 14:26 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 02:51 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:

\WINDOWS\system32\Drivers\cng.sys
2015-02-12 02:51 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:

\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-12 02:51 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:

\WINDOWS\system32\certcli.dll
2015-02-12 02:51 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\certcli.dll
2015-02-12 02:51 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:

\WINDOWS\system32\WindowsCodecs.dll
2015-02-12 02:51 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-12 02:51 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:

\WINDOWS\system32\ntoskrnl.exe
2015-02-12 02:51 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:

\WINDOWS\system32\ntdll.dll
2015-02-12 02:51 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\ntdll.dll
2015-02-12 02:51 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:

\WINDOWS\system32\schannel.dll
2015-02-12 02:51 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\schannel.dll
2015-02-12 02:51 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\scesrv.dll
2015-02-12 02:51 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:

\WINDOWS\system32\scesrv.dll
2015-02-12 02:50 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:

\WINDOWS\system32\mshtml.dll
2015-02-12 02:50 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:

\WINDOWS\system32\iertutil.dll
2015-02-12 02:50 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:

\WINDOWS\system32\vbscript.dll
2015-02-12 02:50 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:

\WINDOWS\system32\MshtmlDac.dll
2015-02-12 02:50 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:

\WINDOWS\system32\jscript.dll
2015-02-12 02:50 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\mshtml.dll
2015-02-12 02:50 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:

\WINDOWS\system32\dxtmsft.dll
2015-02-12 02:50 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\vbscript.dll
2015-02-12 02:50 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:

\WINDOWS\system32\mshtmled.dll
2015-02-12 02:50 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-12 02:50 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\iertutil.dll
2015-02-12 02:50 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:

\WINDOWS\system32\inetcomm.dll
2015-02-12 02:50 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\jscript.dll
2015-02-12 02:50 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:

\WINDOWS\system32\webcheck.dll
2015-02-12 02:50 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:

\WINDOWS\system32\msfeeds.dll
2015-02-12 02:50 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:

\WINDOWS\system32\ie4uinit.exe
2015-02-12 02:50 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:

\WINDOWS\system32\iedkcs32.dll
2015-02-12 02:50 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:

\WINDOWS\system32\inetcpl.cpl
2015-02-12 02:50 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-12 02:50 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:

\WINDOWS\system32\ieframe.dll
2015-02-12 02:50 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\iepeers.dll
2015-02-12 02:50 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\inetcomm.dll
2015-02-12 02:50 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:

\WINDOWS\system32\actxprxy.dll
2015-02-12 02:50 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:

\WINDOWS\system32\wininet.dll
2015-02-12 02:50 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\webcheck.dll
2015-02-12 02:50 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-12 02:50 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\msfeeds.dll
2015-02-12 02:50 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-12 02:50 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\ieframe.dll
2015-02-12 02:50 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:

\WINDOWS\system32\urlmon.dll
2015-02-12 02:50 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:

\WINDOWS\system32\ieapfltr.dll
2015-02-12 02:50 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\wininet.dll
2015-02-12 02:50 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\urlmon.dll
2015-02-12 02:50 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-12 02:50 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:

\WINDOWS\system32\oleaut32.dll
2015-02-12 02:50 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:

\WINDOWS\SysWOW64\oleaut32.dll
2015-02-12 02:50 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS

\system32\ApnDatabase.xml
2015-02-12 02:49 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:

\WINDOWS\system32\sppobjs.dll
2015-02-12 02:49 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:

\WINDOWS\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 01:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-05 00:59 - 2015-01-26 14:00 - 01454221 _____ () C:\WINDOWS

\WindowsUpdate.log
2015-03-04 21:51 - 2013-09-30 05:14 - 01780340 _____ () C:\WINDOWS

\system32\PerfStringBackup.INI
2015-03-04 21:51 - 2013-09-30 04:56 - 00766620 _____ () C:\WINDOWS

\system32\perfh007.dat
2015-03-04 21:51 - 2013-09-30 04:56 - 00159902 _____ () C:\WINDOWS

\system32\perfc007.dat
2015-03-04 21:49 - 2015-01-26 14:27 - 00009678 _____ () C:\WINDOWS\setupact.log
2015-03-04 21:34 - 2014-01-31 12:45 - 00000000 ___DO () C:\Users\-\SkyDrive
2015-03-04 21:25 - 2014-05-21 06:50 - 00000344 _____ () C:\WINDOWS\Tasks

\GlaryInitialize 5.job
2015-03-03 23:24 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-03 23:24 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS

\system32\config\BBI
2015-03-03 23:23 - 2014-07-12 13:59 - 00000000 ____D () C:\AdwCleaner
2015-03-03 23:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing
2015-03-03 23:17 - 2012-11-07 16:31 - 00000000 ____D () C:\Users\-\AppData

\Local\CrashDumps
2015-03-03 23:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-03 22:31 - 2015-01-26 20:24 - 00006968 _____ () C:\WINDOWS\PFRO.log
2015-03-03 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS

\PolicyDefinitions
2015-03-03 21:54 - 2012-10-31 16:39 - 00003598 _____ () C:\WINDOWS

\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3774421412-1007907057-

219690849-1002
2015-03-02 14:44 - 2013-11-30 17:29 - 00000000 ____D () C:\Users\-
2015-03-02 14:43 - 2014-05-11 13:43 - 00000000 ____D () C:\Users\-\Desktop

\ipodfotos
2015-03-02 14:36 - 2012-10-31 18:26 - 00000000 ____D () C:\Users\-\Desktop\start
2015-03-02 14:07 - 2013-01-21 18:03 - 00000000 ____D () C:\Users\-\AppData

\Roaming\Skype
2015-03-02 13:24 - 2013-07-22 10:34 - 00000000 ____D () C:\Users\-\Documents

\Citavi 4
2015-03-02 12:42 - 2014-11-29 18:48 - 00000000 ____D () C:\Users\-\AppData

\Roaming\ALDITALKVerbindungsassistent
2015-03-02 12:42 - 2013-07-15 11:38 - 00000000 ___RD () C:\Users\-\Dropbox
2015-03-02 12:35 - 2013-01-24 19:32 - 00000000 ____D () C:\Users\-\Documents

\CyberLink
2015-03-02 12:33 - 2012-10-31 16:34 - 00000000 ____D () C:\Users\-\Documents

\Bluetooth Folder
2015-03-02 12:31 - 2014-12-31 21:48 - 00000000 ____D () C:\Users\-\Desktop

\schatzi ordner#
2015-03-01 23:45 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-01 22:13 - 2012-08-23 04:34 - 00000000 ____D () C:\Program Files

(x86)\Samsung
2015-03-01 22:01 - 2012-10-31 16:43 - 00000000 ____D () C:\Program Files

(x86)\Mozilla Maintenance Service
2015-03-01 21:58 - 2012-08-05 23:44 - 00000000 ____D () C:\WINDOWS\Sec
2015-03-01 21:58 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS

\LiveKernelReports
2015-03-01 20:52 - 2012-08-23 04:32 - 00000000 ___HD () C:\Program Files

(x86)\InstallShield Installation Information
2015-03-01 20:51 - 2012-08-23 05:35 - 00000000 ____D () C:\Program Files

(x86)\CyberLink
2015-03-01 20:48 - 2012-10-31 21:21 - 00000000 ____D () C:\Program Files

(x86)\Ashampoo
2015-03-01 03:06 - 2012-10-31 20:52 - 00000000 ____D () C:\Users\-\AppData

\Roaming\vlc
2015-02-27 17:26 - 2012-08-23 04:34 - 00003040 _____ () C:\WINDOWS

\System32\Tasks\SAgent
2015-02-27 16:58 - 2014-05-21 06:50 - 00000000 ____D () C:\Program Files

(x86)\Glary Utilities 5
2015-02-25 17:04 - 2012-10-31 18:22 - 00000000 ____D () C:\Program Files

(x86)\Audiograbber
2015-02-24 14:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-18 14:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-14 04:23 - 2012-10-31 18:54 - 00000000 ____D () C:\Users\-\AppData

\Roaming\Spotify
2015-02-14 03:24 - 2013-05-17 19:12 - 00000000 ____D () C:\Users\-\AppData

\Roaming\Spotydl
2015-02-14 03:19 - 2012-10-31 19:04 - 00000000 ____D () C:\Users\-\AppData

\Local\Spotify
2015-02-13 23:44 - 2012-10-31 20:58 - 00000000 ____D () C:\Users\-\AppData

\Local\Adobe
2015-02-12 10:34 - 2013-12-17 16:09 - 00000000 ____D () C:\Program Files

(x86)\Avira
2015-02-12 10:27 - 2013-08-22 15:44 - 00362760 _____ () C:\WINDOWS

\system32\FNTCACHE.DAT
2015-02-12 03:44 - 2013-08-21 12:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 03:35 - 2012-12-14 16:42 - 116773704 _____ (Microsoft Corporation)

C:\WINDOWS\system32\MRT.exe
2015-02-11 21:29 - 2015-01-24 18:20 - 00000000 ____D () C:\Users\-\AppData

\Roaming\Atheros
2015-02-03 20:31 - 2014-05-17 08:26 - 00714720 _____ (Adobe Systems

Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-05-17 08:26 - 00106976 _____ (Adobe Systems

Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2012-11-01 12:21 - 2015-01-09 00:00 - 0007597 _____ () C:\Users\-\AppData\Local

\resmon.resmoncfg
2014-07-19 21:21 - 2014-07-19 21:21 - 0000000 ____H () C:\ProgramData

\DP45977C.lfl
2012-08-23 05:42 - 2012-08-08 05:07 - 2258432 _____ (Samsung Electronics) C:

\ProgramData\MakeMarkerFile.exe
2012-08-23 05:42 - 2012-08-07 11:11 - 0003196 _____ () C:\ProgramData

\MakeMarkerFile.xml

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 01:08

==================== End Of Log ============================
--- --- ---
--- --- ---

schrauber 05.03.2015 09:15
Bitte WordWrap im Editor abschalten und FRST log nochmal posten, das kann ja kein Mensch lesen :)

L3n0r3 05.03.2015 22:31
woah, sorry...sieht für mich alles gleich kryptisch aus :wtf:

Hier also nochmal in "leserlich" (hoffe, du meintest auch das von gestern...)


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by - (administrator) on SUPERHUHN on 05-03-2015 01:20:44
Running from C:\Users\-\Desktop
Loaded Profiles: UpdatusUser & - (Available profiles: UpdatusUser & -)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\MPK\lsynchost.exe
() C:\Windows\SysWOW64\MPK\lsynchost.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
() C:\Windows\SysWOW64\MPK\MPK.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
() C:\Windows\SysWOW64\MPK\MpkL64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-09-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Atheros Communications))
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\...\MountPoints2: {6fe46d1d-3af4-11e3-bf0d-20689d529cf9} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\...\MountPoints2: {f047934c-baa3-11e3-bf41-20689d529cf9} - "E:\Startme.exe"
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\...\MountPoints2: {fcecff43-b157-11e3-bf3e-20689d529cf9} - "E:\setup.exe" -a
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {094e4444-77ef-11e4-bfab-20689d529cf9} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {09753480-b22c-11e4-bfdf-20689d529cf9} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {0c04df42-5859-11e4-bf99-806e6f6e6963} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {6fe46d1d-3af4-11e3-bf0d-20689d529cf9} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {f047934c-baa3-11e3-bf41-20689d529cf9} - "E:\Startme.exe"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {fcecff43-b157-11e3-bf3e-20689d529cf9} - "E:\setup.exe" -a
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll File Not Found
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3774421412-1007907057-219690849-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1001 -> {0AD69A11-BE0B-4770-8FD4-BF91E4435485} URL =
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {0AD69A11-BE0B-4770-8FD4-BF91E4435485} URL =
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{0DDABD22-DCE1-45B8-9D0E-3B336F1B2E80}: [NameServer] 212.23.103.8 212.23.103.9

FireFox:
========
FF ProfilePath: C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713
FF DefaultSearchEngine: LEO Eng-Deu
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Multirow Bookmarks Toolbar Plus - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2015-01-08]
FF Extension: NoScript - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-23]
FF Extension: Adblock Plus - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-08]
FF Extension: Tab Mix Plus - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-01-08]
FF Extension: Multirow Bookmarks Toolbar - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\1pd4fa4x.default-1420750732713\Extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.xpi [2015-01-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-07-22]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-14]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx [2013-07-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2014-11-30] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-06] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MainLSyncHost; c:\windows\syswow64\mpk\lsynchost.exe [1701176 2014-02-03] ()
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2015-01-06] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
U4 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43064 2014-10-17] (Avira Operations GmbH & Co. KG)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2013-09-25] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [138752 2014-11-29] (Huawei Technologies Co., Ltd.)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-09-27] (Sony Mobile Communications)
R0 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-05-21] (Glarysoft Ltd)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-09-14] (Windows (R) 2003 DDK 3790 provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S0 BMLoad; system32\drivers\BMLoad.sys [X]
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X]
S3 BTCFilterService; \SystemRoot\system32\DRIVERS\motfilt.sys [X]
S3 HSPADataCardusbmdm; \SystemRoot\system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; \SystemRoot\system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; \SystemRoot\system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 motccgp; \SystemRoot\System32\drivers\motccgp.sys [X]
S3 motccgpfl; \SystemRoot\System32\drivers\motccgpfl.sys [X]
S3 motmodem; \SystemRoot\system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; \SystemRoot\System32\drivers\motswch.sys [X]
S3 Motousbnet; \SystemRoot\system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; \SystemRoot\System32\drivers\motusbdevice.sys [X]
S1 tcpipBM; \??\C:\WINDOWS\system32\drivers\tcpipBM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 01:20 - 2015-03-05 01:20 - 00000812 _____ () C:\Users\-\Desktop\checkup.txt
2015-03-04 21:56 - 2015-03-04 21:56 - 00852594 _____ () C:\Users\-\Desktop\SecurityCheck.exe
2015-03-04 21:47 - 2015-03-04 21:47 - 02347384 _____ (ESET) C:\Users\-\Desktop\esetsmartinstaller_deu.exe
2015-03-04 21:26 - 2015-03-04 21:26 - 00000000 ___RD () C:\Users\-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-03-03 23:35 - 2015-03-03 23:35 - 00000998 _____ () C:\Users\-\Desktop\JRT.txt
2015-03-03 23:30 - 2015-03-03 23:30 - 00065536 _____ () C:\WINDOWS\system32\Ikeext.etl
2015-03-03 23:27 - 2015-03-03 23:27 - 00004818 _____ () C:\Users\-\Desktop\AdwCleaner[S1].txt
2015-03-03 23:17 - 2015-03-03 23:17 - 01388333 _____ (Thisisu) C:\Users\-\Desktop\JRT.exe
2015-03-03 23:16 - 2015-03-03 23:16 - 02126848 _____ () C:\Users\-\Desktop\AdwCleaner_4.111.exe
2015-03-03 23:04 - 2015-03-03 23:04 - 01338935 _____ () C:\Users\-\Desktop\mbam.txt
2015-03-03 21:06 - 2015-03-03 22:37 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-03 21:05 - 2015-03-03 21:05 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-03 21:04 - 2015-03-03 21:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-03 21:04 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-03 21:04 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-03 21:04 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-03 21:02 - 2015-03-03 21:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\-\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-02 14:48 - 2015-03-02 14:50 - 00036171 _____ () C:\Users\-\Desktop\Addition.txt
2015-03-02 14:46 - 2015-03-05 01:20 - 00018017 _____ () C:\Users\-\Desktop\FRST.txt
2015-03-02 14:46 - 2015-03-05 01:20 - 00000000 ____D () C:\FRST
2015-03-02 14:44 - 2015-03-02 14:44 - 00000000 _____ () C:\Users\-\defogger_reenable
2015-03-02 14:42 - 2015-03-02 14:42 - 02092544 _____ (Farbar) C:\Users\-\Desktop\FRST64.exe
2015-03-02 14:42 - 2015-03-02 14:42 - 00380416 _____ () C:\Users\-\Desktop\Gmer-19357.exe
2015-03-02 14:15 - 2014-11-28 13:02 - 01983192 _____ (Secunia) C:\Users\-\Desktop\psi.exe
2015-03-02 13:05 - 2015-03-02 13:05 - 00050477 _____ () C:\Users\-\Desktop\Defogger.exe
2015-03-01 23:39 - 2015-03-01 23:39 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Aufgaben der Ereignisanzeige
2015-03-01 22:07 - 2015-03-01 22:07 - 00003114 _____ () C:\WINDOWS\System32\Tasks\{0170AE36-7A68-4E7A-80A3-C73135927424}
2015-03-01 20:15 - 2015-03-01 20:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-01 20:00 - 2015-03-01 20:25 - 00000691 _____ () C:\WINDOWS\SecuniaPackage.log
2015-03-01 19:20 - 2015-03-01 19:20 - 00000000 ____D () C:\Users\-\AppData\Local\Secunia PSI
2015-03-01 19:20 - 2015-03-01 19:20 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-03-01 16:55 - 2015-03-01 16:55 - 05490752 _____ (Secunia) C:\Users\-\Downloads\PSISetup10004.exe
2015-03-01 16:30 - 2015-03-01 16:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\-\Downloads\revosetup95.exe
2015-03-01 16:18 - 2015-03-01 16:18 - 02126848 _____ () C:\Users\-\Downloads\AdwCleaner_4.111.exe
2015-03-01 15:34 - 2015-03-01 15:36 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\-\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-28 22:06 - 2015-02-28 22:06 - 00000000 ____D () C:\Users\-\Downloads\WindowsShortcutArrowEditor
2015-02-28 22:05 - 2015-02-28 22:05 - 00828938 _____ () C:\Users\-\Downloads\WindowsShortcutArrowEditor.zip
2015-02-25 12:01 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 12:01 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-22 17:59 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-22 17:59 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-02-22 03:10 - 2015-02-22 03:10 - 00000000 ____D () C:\Users\-\AppData\Local\PDF24
2015-02-22 03:09 - 2015-02-22 03:10 - 00000000 ____D () C:\Program Files (x86)\PDF24
2015-02-22 03:09 - 2015-02-22 03:09 - 00001091 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2015-02-21 20:25 - 2015-02-21 20:26 - 16342352 _____ (Geek Software GmbH ) C:\Users\-\Downloads\pdf24-creator-6.9.2.exe
2015-02-21 17:38 - 2015-02-21 17:44 - 27721680 _____ (pdfforge ) C:\Users\-\Downloads\PDFCreator-2_0_2-setup.exe
2015-02-21 06:52 - 2015-02-21 06:52 - 00000000 ____D () C:\Users\-\AppData\Roaming\Avira
2015-02-20 05:07 - 2015-02-20 05:07 - 00001389 _____ () C:\Users\-\Desktop\mom schicken.txt
2015-02-19 18:51 - 2015-03-01 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-13 23:43 - 2015-03-05 00:51 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-13 23:43 - 2015-02-13 23:43 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-13 14:26 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-13 14:26 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 02:51 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-12 02:51 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-12 02:51 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-12 02:51 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-12 02:51 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-12 02:51 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-12 02:51 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-12 02:51 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-12 02:51 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-12 02:51 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-12 02:51 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-12 02:51 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-12 02:51 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-12 02:50 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-12 02:50 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-12 02:50 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-12 02:50 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-12 02:50 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-12 02:50 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-12 02:50 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-12 02:50 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-12 02:50 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-12 02:50 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-12 02:50 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-12 02:50 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-12 02:50 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-12 02:50 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-12 02:50 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-12 02:50 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-12 02:50 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-12 02:50 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-12 02:50 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-12 02:50 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-12 02:50 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-12 02:50 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-12 02:50 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-12 02:50 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-12 02:50 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-12 02:50 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-12 02:50 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-12 02:50 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-12 02:50 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-12 02:50 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-12 02:50 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-12 02:50 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-12 02:50 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-12 02:50 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-12 02:50 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-12 02:50 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-12 02:50 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-12 02:49 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-12 02:49 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 01:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-05 00:59 - 2015-01-26 14:00 - 01454221 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-04 21:51 - 2013-09-30 05:14 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-04 21:51 - 2013-09-30 04:56 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-04 21:51 - 2013-09-30 04:56 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-04 21:49 - 2015-01-26 14:27 - 00009678 _____ () C:\WINDOWS\setupact.log
2015-03-04 21:34 - 2014-01-31 12:45 - 00000000 ___DO () C:\Users\-\SkyDrive
2015-03-04 21:25 - 2014-05-21 06:50 - 00000344 _____ () C:\WINDOWS\Tasks\GlaryInitialize 5.job
2015-03-03 23:24 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-03 23:24 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-03 23:23 - 2014-07-12 13:59 - 00000000 ____D () C:\AdwCleaner
2015-03-03 23:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing
2015-03-03 23:17 - 2012-11-07 16:31 - 00000000 ____D () C:\Users\-\AppData\Local\CrashDumps
2015-03-03 23:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-03 22:31 - 2015-01-26 20:24 - 00006968 _____ () C:\WINDOWS\PFRO.log
2015-03-03 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-03 21:54 - 2012-10-31 16:39 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3774421412-1007907057-219690849-1002
2015-03-02 14:44 - 2013-11-30 17:29 - 00000000 ____D () C:\Users\-
2015-03-02 14:43 - 2014-05-11 13:43 - 00000000 ____D () C:\Users\-\Desktop\ipodfotos
2015-03-02 14:36 - 2012-10-31 18:26 - 00000000 ____D () C:\Users\-\Desktop\start
2015-03-02 14:07 - 2013-01-21 18:03 - 00000000 ____D () C:\Users\-\AppData\Roaming\Skype
2015-03-02 13:24 - 2013-07-22 10:34 - 00000000 ____D () C:\Users\-\Documents\Citavi 4
2015-03-02 12:42 - 2014-11-29 18:48 - 00000000 ____D () C:\Users\-\AppData\Roaming\ALDITALKVerbindungsassistent
2015-03-02 12:42 - 2013-07-15 11:38 - 00000000 ___RD () C:\Users\-\Dropbox
2015-03-02 12:35 - 2013-01-24 19:32 - 00000000 ____D () C:\Users\-\Documents\CyberLink
2015-03-02 12:33 - 2012-10-31 16:34 - 00000000 ____D () C:\Users\-\Documents\Bluetooth Folder
2015-03-02 12:31 - 2014-12-31 21:48 - 00000000 ____D () C:\Users\-\Desktop\schatzi ordner#
2015-03-01 23:45 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-01 22:13 - 2012-08-23 04:34 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-03-01 22:01 - 2012-10-31 16:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-01 21:58 - 2012-08-05 23:44 - 00000000 ____D () C:\WINDOWS\Sec
2015-03-01 21:58 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-03-01 20:52 - 2012-08-23 04:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-01 20:51 - 2012-08-23 05:35 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-03-01 20:48 - 2012-10-31 21:21 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2015-03-01 03:06 - 2012-10-31 20:52 - 00000000 ____D () C:\Users\-\AppData\Roaming\vlc
2015-02-27 17:26 - 2012-08-23 04:34 - 00003040 _____ () C:\WINDOWS\System32\Tasks\SAgent
2015-02-27 16:58 - 2014-05-21 06:50 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-02-25 17:04 - 2012-10-31 18:22 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2015-02-24 14:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-18 14:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-14 04:23 - 2012-10-31 18:54 - 00000000 ____D () C:\Users\-\AppData\Roaming\Spotify
2015-02-14 03:24 - 2013-05-17 19:12 - 00000000 ____D () C:\Users\-\AppData\Roaming\Spotydl
2015-02-14 03:19 - 2012-10-31 19:04 - 00000000 ____D () C:\Users\-\AppData\Local\Spotify
2015-02-13 23:44 - 2012-10-31 20:58 - 00000000 ____D () C:\Users\-\AppData\Local\Adobe
2015-02-12 10:34 - 2013-12-17 16:09 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-12 10:27 - 2013-08-22 15:44 - 00362760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-12 03:44 - 2013-08-21 12:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 03:35 - 2012-12-14 16:42 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 21:29 - 2015-01-24 18:20 - 00000000 ____D () C:\Users\-\AppData\Roaming\Atheros
2015-02-03 20:31 - 2014-05-17 08:26 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-05-17 08:26 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2012-11-01 12:21 - 2015-01-09 00:00 - 0007597 _____ () C:\Users\-\AppData\Local\resmon.resmoncfg
2014-07-19 21:21 - 2014-07-19 21:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-08-23 05:42 - 2012-08-08 05:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-08-23 05:42 - 2012-08-07 11:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 01:08

==================== End Of Log ============================
--- --- ---
--- --- ---

schrauber 06.03.2015 12:11
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

C:\$Recycle.Bin\S-1-5-21-3774421412-1007907057-219690849-1002\$RPH3TEU.exe

C:\$Recycle.Bin\S-1-5-21-3774421412-1007907057-219690849-1002\$RQJMHMB.exe

C:\Users\-\Downloads\PDFCreator-2_0_2-setup.exe

C:\Users\-\Downloads\spotydl_setup.exe

C:\Windows\System32\MPK

C:\Windows\SysWOW64\MPK
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Noch Probleme?

L3n0r3 06.03.2015 12:54
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by - at 2015-03-06 12:39:55 Run:1
Running from C:\Users\-\Desktop
Loaded Profiles: UpdatusUser & - (Available profiles: UpdatusUser & -)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\$Recycle.Bin\S-1-5-21-3774421412-1007907057-219690849-1002\$RPH3TEU.exe

C:\$Recycle.Bin\S-1-5-21-3774421412-1007907057-219690849-1002\$RQJMHMB.exe

C:\Users\-\Downloads\PDFCreator-2_0_2-setup.exe

C:\Users\-\Downloads\spotydl_setup.exe

C:\Windows\System32\MPK

C:\Windows\SysWOW64\MPK
Emptytemp:
       
*****************

"C:\$Recycle.Bin\S-1-5-21-3774421412-1007907057-219690849-1002\$RPH3TEU.exe" => File/Directory not found.
"C:\$Recycle.Bin\S-1-5-21-3774421412-1007907057-219690849-1002\$RQJMHMB.exe" => File/Directory not found.
C:\Users\-\Downloads\PDFCreator-2_0_2-setup.exe => Moved successfully.
C:\Users\-\Downloads\spotydl_setup.exe => Moved successfully.
"C:\Windows\System32\MPK" => File/Directory not found.
C:\Windows\SysWOW64\MPK => Moved successfully.
EmptyTemp: => Removed 1.4 GB temporary data.


The system needed a reboot.

==== End of Fixlog 12:42:38 ====

schrauber 06.03.2015 16:34
meine Frage?

L3n0r3 06.03.2015 19:57
Grad Laptop neu gestartet. Secunia hat das Herunterfahren des Systems verlangsamt (20832ms), booten dauert auch (Ereignisanzeige: 107471ms), beim Aufrufen der Ereignisanzeige erscheint eine Meldung zwex Snap-in Problemen, außerdem: "starke "Ressourcenauslastung" und "starke Herabsetzung der Antwortzeit des Desktopfenster-Managers wurde festgestellt" (geöffnet waren 1-2 OpenOffice-Dokumente und Firefox mit 6 Tabs)...dazu die üblichen "Adobe Flash Player 16.0 r0 funktioniert nicht mehr" - Meldungen und Hänger beim Programme öffnen...

Zwecks Messe-Action konnte ich den Laptop die letzten Tage nicht unter Normalgebrauch / -anforderung testen und kann grad nur von den Meldungen und minimaler Nutzung ausgehen. Zumindest gab's bisher keine "Keine Rückmeldung", "Keine Internetverbindung"- Meldungen und kein Einfrieren mehr :)

Danke für die Geduld!!!
Kann man eigentlich sagen, was da genau (alles) los war und in Zukunft vermieden werden sollte?

schrauber 07.03.2015 13:09
Adware war schon drauf. Ansonsten eigentlich nix wildes.

L3n0r3 07.03.2015 16:48
Danke dir :)

schrauber 08.03.2015 08:42
http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:
http://filepony.de/icon/emsisoft_anti_malware.png
Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

L3n0r3 09.03.2015 00:03
Habe mich wohl zu früh gefreut... :(
Mit dem langsamen booten / shutdown könnte ich ja leben, aber wenn OpenOffice, Thunderbird, Firefox u.a. Standard-Progs nur "ruckelnd" funktionieren, oder Firefox allein mit lediglich 5-6 offenen Tabs läuft (sonst nüscht offen, außer die Autostart-Dohlen: Avira, etc) und plötzlich gar nichts mehr geht, außer lange genug den on/off Schalter zu drücken... :killpc:
Der "Desktopfenster-Manager" ermittelt ständig eine "starke Ressourcenauslastung", weshalb die Antwortzeit "heruntergesetzt wurde"...
Wäre es eine Option, den Laptop komplett platt zu machen und Windows 8 bzw. 8.1 neu aufzuspielen (wie auch immer das genau funktioniert...)???

schrauber 09.03.2015 13:13
Klar ist das ne ALternative, aber schauen wir erst mal:


ProcessExplorer als Ersatz für den Windows Taskmanager installieren

Lade Dir den Process Explorer als Ersatz für den Taskmanager herunter und installiere ihn, hier findest Du eine Anleitung. Das ist ein wesentlich leistungsfähigerer Ersatz für den Windows-Taskmanager. Im Menü unter "Options" kannst Du den ProcessExplorer dauerhaft als Ersatz für den Taskmanager einrichten (Replace Taskmanager). Das ist sehr empfehlenswert, weil der ProcessExplorer erheblich mehr Funktionen als der Taskmanager hat. Wenn Du diese Einstellung gemacht hast, öffnet sich mit der Tastenkombination STRG + ALT + Entf. nicht mehr der Taskmanager, sondern der ProcessExplorer. Das kann jederzeit durch Abhaken dieser Einstellung wieder rückgängig gemacht werden.

Was wir jetzt konkret brauchen: In jeder Zeile steht ein Prozess, ein paar der Zeilen sind keine richtigen Prozesse, sondern nur Pseudoprozesse für die Tätigkeit des Windos-Kernels. Im Menü View => Select Columns wird ein Dialog geöffnet, in dem Du auswählen kannst, welche Spalten mit Informationen zu den Prozessen angezeigt werden sollen. In dem gehe in das Register "Process Performance" und stelle sicher, dass dort "CPU Usage" angehakt ist, "CPU History" wäre ebenfalls sinnvoll. Unter "CPU Usage" wird der aktuelle Wert der Prozessorauslastung für jeden Prozess angezeigt (im Tabellentitel steht nur kurz "CPU"), "CPU History" blendet für jeden Prozess ein Diagramm ein, das eine Kurve mit der Prozessorauslastung für die letzte Zeit anzeigt.

Damit sollte es Dir möglich sein, zu identifizieren, welcher Prozess Deine CPU in Trab hält. Mache einen Doppelklick auf den Prozess. Du kannst von dem ganzen auch einen Screenshot machen und ihn als Anhang mit Deiner Antwort hochladen (auf "Erweitert" unter dem Textfeld klicken und über "Anhänge verwalten" auf Deinem Rechner suchen lassen und über "Hochladen" anhängen).

L3n0r3 10.03.2015 00:48
Liste der Anhänge anzeigen (Anzahl: 2)
Hier nun mal die Screenshots vom Überblick...wobei sich das ja im Sekundentakt verändert...(Laptop hängt und hängt oder lädt ewig seit dem booten)

Welche 'Properties' brauchst du da genauer?

schrauber 10.03.2015 19:40
Klick mal auf den Reiter CPU, damit die von oben nach unten, viel Verbrauchn nach Wenig, sortiert sind.

Aber ich meine Adobe Reader zu sehen mit viel Saft.

L3n0r3 11.03.2015 07:19
Liste der Anhänge anzeigen (Anzahl: 2)
Die Anzeige ist ja ständig in Bewegung....gute ABM, sich da für nen Screenshotmoment zu entscheiden :P

schrauber 11.03.2015 18:09
Die beiden letzten Screens sind sauber. Auf den oberen war der Adobe Reader schuld an der Last.

L3n0r3 11.03.2015 20:39
und nu? hängt mittlerweile schon bei wenig geöffneten Programmen ...

schrauber 12.03.2015 09:50
Lass den Process explorer offen. Es ist wichtig zu wissen ob es eine CPU Last gibt wenn er hängt. Wenn nicht müssen wir RAM und HDD checken.

L3n0r3 18.03.2015 00:46
Liste der Anhänge anzeigen (Anzahl: 7)
Sorry,...kein Internet die Tage = das Verderben... Ich poste dir nu einfach mal die sporadischen Process Explorer - Screenshots der letzten ca. 20 Minuten. Vielleicht wirst wenigstens du drauß schlau :confused: Habe die Aktualisierungsrate mal auf 5 Sekunden reduziert, um nicht noch verwirrter zu werden :-/ Hänger hatte der Laptop immer wieder beim Fenterwechsel oder, wenn ich schreiben will....

Here we go:

L3n0r3 18.03.2015 01:05
Liste der Anhänge anzeigen (Anzahl: 4)
...und falls das noch was bringen könnte, hier ein paar Meldungen der verrückten "Ereignisanzeige"...

schrauber 18.03.2015 17:09
Auf alle Fälle zieht Firefox ohne Ende.


Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen

L3n0r3 20.03.2015 23:32
Erledigt....bin nu eh erstmal am Rechner beschäftigt und hoffe, dass alles läuft

:dankeschoen:

Fühl mich mittlerweile schon voll schlecht, weil sich das so zieht ...kann man irgendwie n
sagen, was ich da für Mist gebaut hab? Igrnedwas muss ja verspackt worden sein...
Kann ich nu mein firefox wieder einstellen, wie ich es gern hätte? (und vor allem multirow toolbar wieder runterladen?...bin ein "1000+ tab-öffner" und letztendlich landet "vieles" in den bookmarks...)

schrauber 21.03.2015 11:29
Ja mach mal, und dann teste den REchner ausgiebig.


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:05 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131