Runtime Error 50003

OTL logfile created on: 20.01.2014 18:15:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Giankarlo\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,00 Gb Total Physical Memory | 3,38 Gb Available Physical Memory | 67,65% Memory free
10,00 Gb Paging File | 7,69 Gb Available in Paging File | 76,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 121,61 Gb Total Space | 21,02 Gb Free Space | 17,29% Space Free | Partition Type: NTFS
Drive F: | 20,08 Gb Total Space | 16,03 Gb Free Space | 79,86% Space Free | Partition Type: NTFS
Drive I: | 931,42 Gb Total Space | 260,82 Gb Free Space | 28,00% Space Free | Partition Type: NTFS
Drive J: | 111,26 Gb Total Space | 2,51 Gb Free Space | 2,26% Space Free | Partition Type: NTFS
Drive L: | 7,44 Gb Total Space | 2,74 Gb Free Space | 36,87% Space Free | Partition Type: NTFS
Drive Z: | 69,29 Gb Total Space | 32,65 Gb Free Space | 47,12% Space Free | Partition Type: NTFS

Computer Name: GIANKARLO-PC | User Name: Giankarlo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Giankarlo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe (CANON INC.)
PRC - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
PRC - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
PRC - C:\Program Files (x86)\ASUS\AASP\1.00.80\aaCenter.exe ()
PRC - C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe (ASUS)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe ()
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe ()
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\464a76a3fdc9ee7456cb4baaea3e503a\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8927b576eb15c4a8f4bb04f05e7cc51e\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\228b114c79c5d9024bdb4cc580e32c09\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.80\aaCenter.exe ()
MOD - C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe ()
MOD - C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe ()
MOD - C:\Program Files (x86)\ASUS\EPU-6 Engine\AsSpindownTimeout.dll ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.80\cpuutil.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Direct Link\AsNetlib.dll ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Software\winphook.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Direct Link\AsMultiLang.dll ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.80\PowerDll.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-6 Engine\pngio.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ADExchange) -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe (ArcSoft, Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (CyberLink PowerDVD 11.0 Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (CyberLink)
SRV - (CyberLink PowerDVD 11.0 Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
SRV - (CLHNServiceForPowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
SRV - (OS Selector) -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (DTSRVC) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E60x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (PdiPorts) -- C:\Windows\SysNative\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV:64bit: - (Pnp680r) -- C:\Windows\SysNative\drivers\PnP680r.sys (Silicon Image, Inc)
DRV:64bit: - (cmuda3) -- C:\Windows\SysNative\drivers\cmudax3.sys (C-Media Inc)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (ntk_PowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys (Cyberlink Corp.)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1211304840-1541439233-3964124013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1211304840-1541439233-3964124013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1211304840-1541439233-3964124013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=DE&userid=44796972-bc0a-ef49-6d65-d878d12c05ac&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-1211304840-1541439233-3964124013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=DE&userid=44796972-bc0a-ef49-6d65-d878d12c05ac&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-1211304840-1541439233-3964124013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=DE&userid=44796972-bc0a-ef49-6d65-d878d12c05ac&searchtype=hp&installDate={installDate}
IE - HKU\S-1-5-21-1211304840-1541439233-3964124013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1211304840-1541439233-3964124013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1211304840-1541439233-3964124013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 72 CC D0 26 38 CD 01 [binary data]
IE - HKU\S-1-5-21-1211304840-1541439233-3964124013-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=DE&userid=44796972-bc0a-ef49-6d65-d878d12c05ac&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-1211304840-1541439233-3964124013-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=DE&userid=44796972-bc0a-ef49-6d65-d878d12c05ac&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-1211304840-1541439233-3964124013-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-1211304840-1541439233-3964124013-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=DE&userid=44796972-bc0a-ef49-6d65-d878d12c05ac&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-1211304840-1541439233-3964124013-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=DE&userid=44796972-bc0a-ef49-6d65-d878d12c05ac&searchtype=ds&installDate={installDate}&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014.01.17 17:33:38 | 000,000,000 | ---D | M]

[2012.04.08 22:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Giankarlo\AppData\Roaming\mozilla\Extensions
[2014.01.17 19:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Giankarlo\AppData\Roaming\mozilla\Firefox\Profiles\vqw2mu45.default\extensions
[2013.09.10 16:24:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Giankarlo\AppData\Roaming\mozilla\Firefox\Profiles\vqw2mu45.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014.01.13 13:37:32 | 000,002,604 | ---- | M] () -- C:\Users\Giankarlo\AppData\Roaming\mozilla\firefox\profiles\vqw2mu45.default\searchplugins\Web Search.xml
[2013.09.09 02:30:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.01.09 17:38:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.01.17 17:33:38 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN

O1 HOSTS File: ([2013.05.10 15:17:36 | 000,005,801 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1 192.150.14.69 
O1 - Hosts: 127.0.0.1 192.150.18.101 
O1 - Hosts: 127.0.0.1 192.150.18.108 
O1 - Hosts: 127.0.0.1 192.150.22.40 
O1 - Hosts: 127.0.0.1 192.150.8.100 
O1 - Hosts: 127.0.0.1 192.150.8.118 
O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net 
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com 
O1 - Hosts: 127.0.0.1 3dns.adobe.com 
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com 
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com 
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com 
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com 
O1 - Hosts: 127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com 
O1 - Hosts: 41 more lines...
O2:64bit: - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-1211304840-1541439233-3964124013-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\cmicnfg3.cpl (C-Media Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D1EB7F3-2203-45E6-B0AC-B0CEEE9B50FC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk L:\
O32 - AutoRun File - [2010.05.05 15:09:04 | 000,000,000 | ---- | M] () - Z:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014.01.20 18:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
[2014.01.18 22:28:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2014.01.18 22:27:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2014.01.18 20:24:59 | 000,000,000 | ---D | C] -- C:\Users\Giankarlo\Desktop\Helicon Focus Pro
[2014.01.15 13:17:21 | 000,000,000 | ---D | C] -- C:\Users\Giankarlo\Desktop\Neuer Ordner (3)
[2014.01.15 12:26:00 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.01.15 12:26:00 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.01.15 12:25:59 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014.01.15 12:25:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014.01.15 12:25:59 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014.01.15 12:25:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014.01.15 12:25:59 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.01.15 12:25:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.01.15 12:25:59 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.01.15 12:25:59 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.01.15 12:25:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.01.15 12:25:58 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014.01.15 12:25:58 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014.01.15 12:25:58 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.01.15 12:25:57 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.01.15 12:22:50 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014.01.15 12:22:50 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014.01.15 12:22:38 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014.01.13 15:11:08 | 000,000,000 | ---D | C] -- C:\Users\Giankarlo\AppData\Local\Avg2014
[2014.01.13 13:36:40 | 000,000,000 | ---D | C] -- C:\Users\Giankarlo\AppData\Roaming\TuneUp Software
[2014.01.13 13:35:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2014.01.13 13:35:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2014.01.13 13:35:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014.01.13 13:35:15 | 000,000,000 | ---D | C] -- C:\Users\Giankarlo\AppData\Roaming\OpenCandy
[2014.01.12 08:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2014.01.12 08:42:50 | 000,000,000 | ---D | C] -- C:\Users\Giankarlo\AppData\Roaming\Avira
[2014.01.12 08:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2014.01.12 08:42:00 | 000,131,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.01.12 08:42:00 | 000,108,440 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.01.12 08:42:00 | 000,084,720 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014.01.12 08:42:00 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2014.01.12 08:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2014.01.12 08:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2014.01.12 07:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014.01.12 07:59:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.01.12 07:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014.01.12 07:48:05 | 000,000,000 | ---D | C] -- C:\Users\Giankarlo\.appwork
[2014.01.12 07:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2014.01.12 07:07:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.01.11 23:03:32 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2014.01.11 23:03:31 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2014.01.11 23:03:31 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2014.01.11 23:03:30 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2014.01.11 22:58:32 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2014.01.11 22:58:32 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2014.01.11 22:58:29 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014.01.11 22:58:12 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2014.01.11 22:58:05 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014.01.11 22:58:05 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014.01.11 22:58:05 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2014.01.11 22:58:05 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2014.01.11 22:58:05 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2014.01.11 22:57:50 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2014.01.11 22:57:50 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2014.01.11 22:57:50 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2014.01.11 22:57:50 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2014.01.11 22:57:50 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2014.01.11 22:57:50 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2014.01.11 22:57:49 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014.01.11 22:57:49 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014.01.11 22:57:47 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014.01.11 22:57:47 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014.01.11 22:57:47 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014.01.11 22:57:47 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014.01.11 22:57:47 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014.01.11 22:57:42 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2014.01.11 22:57:26 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2014.01.11 22:57:26 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2014.01.11 22:57:03 | 000,000,000 | ---D | C] -- C:\Users\Giankarlo\AppData\Local\JDownloader v2.0
[2014.01.11 22:56:13 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2014.01.11 22:56:13 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2014.01.11 22:56:13 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2014.01.11 22:56:13 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2014.01.06 17:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJ
[2014.01.05 18:57:29 | 000,000,000 | ---D | C] -- C:\Users\Giankarlo\Desktop\I K A
[2014.01.02 04:03:14 | 000,000,000 | ---D | C] -- C:\Users\Giankarlo\Desktop\F O F O C O M Gepostet
[2013.12.30 02:32:13 | 000,000,000 | ---D | C] -- C:\Users\Giankarlo\AppData\Roaming\ArcSoft
[2013.12.30 02:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2013.12.30 02:28:22 | 000,000,000 | ---D | C] -- C:\Users\Giankarlo\AppData\Local\ArcSoft
[2013.12.30 02:28:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2013.12.30 02:28:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2013.12.30 01:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Portrait Professional Studio 10
[2013.12.30 01:56:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Portrait Professional Studio 10
[2013.12.28 13:26:56 | 000,000,000 | ---D | C] -- C:\Users\Giankarlo\AppData\Local\Helicon
[2013.12.28 13:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software
[2013.12.28 13:26:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon
[2013.12.28 13:26:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Helicon Software
[2013.12.23 10:39:36 | 000,000,000 | ---D | C] -- C:\Users\Giankarlo\Desktop\GIA PROBOLI FOFOCOM

========== Files - Modified Within 30 Days ==========

[2014.01.20 18:07:53 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.01.20 18:07:53 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.01.20 18:05:43 | 000,000,163 | ---- | M] () -- C:\Windows\Reimage.ini
[2014.01.20 18:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.01.20 17:58:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.01.20 17:58:36 | 4025,835,520 | -HS- | M] () -- C:\hiberfil.sys
[2014.01.20 17:47:33 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.01.19 21:24:21 | 003,897,781 | ---- | M] () -- C:\Users\Giankarlo\Desktop\Imitlerim.mp3
[2014.01.19 21:04:44 | 004,242,948 | ---- | M] () -- C:\Users\Giankarlo\Desktop\Pappous.mp3
[2014.01.19 04:20:37 | 000,001,277 | ---- | M] () -- C:\Users\Giankarlo\Desktop\Helicon 3D Viewer.lnk
[2014.01.19 04:20:37 | 000,001,262 | ---- | M] () -- C:\Users\Giankarlo\Desktop\Helicon Focus.lnk
[2014.01.18 20:11:45 | 000,001,517 | ---- | M] () -- C:\Users\Giankarlo\Desktop\2014_01_16 - BLUMEN MAKROS - Verknüpfung.lnk
[2014.01.18 17:04:36 | 000,001,456 | ---- | M] () -- C:\Users\Giankarlo\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2014.01.17 17:33:43 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2014.01.15 19:36:42 | 005,100,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.01.13 06:28:27 | 008,224,183 | ---- | M] () -- C:\Users\Giankarlo\Desktop\IMG_0038.jpg
[2014.01.11 17:44:27 | 000,001,559 | ---- | M] () -- C:\Users\Giankarlo\Desktop\2014_01_10 - U P S Fotoshooting - Verknüpfung.lnk
[2014.01.05 19:12:18 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.12.28 13:26:31 | 000,001,288 | ---- | M] () -- C:\Users\Giankarlo\Desktop\Helicon Filter 5.lnk
[2013.12.23 13:11:26 | 001,439,176 | ---- | M] () -- C:\Users\Giankarlo\IMG_036.jpg

========== Files Created - No Company Name ==========

[2014.01.20 18:03:57 | 000,000,163 | ---- | C] () -- C:\Windows\Reimage.ini
[2014.01.20 17:47:33 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.01.19 21:24:13 | 003,897,781 | ---- | C] () -- C:\Users\Giankarlo\Desktop\Imitlerim.mp3
[2014.01.19 21:04:35 | 004,242,948 | ---- | C] () -- C:\Users\Giankarlo\Desktop\Pappous.mp3
[2014.01.19 04:20:37 | 000,001,277 | ---- | C] () -- C:\Users\Giankarlo\Desktop\Helicon 3D Viewer.lnk
[2014.01.19 04:20:37 | 000,001,262 | ---- | C] () -- C:\Users\Giankarlo\Desktop\Helicon Focus.lnk
[2014.01.18 20:11:45 | 000,001,517 | ---- | C] () -- C:\Users\Giankarlo\Desktop\2014_01_16 - BLUMEN MAKROS - Verknüpfung.lnk
[2014.01.13 06:28:36 | 008,224,183 | ---- | C] () -- C:\Users\Giankarlo\Desktop\IMG_0038.jpg
[2014.01.11 17:44:27 | 000,001,559 | ---- | C] () -- C:\Users\Giankarlo\Desktop\2014_01_10 - U P S Fotoshooting - Verknüpfung.lnk
[2014.01.05 19:12:18 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014.01.05 19:12:18 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.12.28 13:26:31 | 000,001,288 | ---- | C] () -- C:\Users\Giankarlo\Desktop\Helicon Filter 5.lnk
[2013.12.23 13:11:19 | 001,439,176 | ---- | C] () -- C:\Users\Giankarlo\IMG_036.jpg
[2013.09.19 12:20:08 | 000,000,206 | ---- | C] () -- C:\Users\Giankarlo\AppData\Roaming\.ptbt0
[2013.09.01 14:02:24 | 000,001,456 | ---- | C] () -- C:\Users\Giankarlo\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2013.08.31 17:15:27 | 000,000,132 | ---- | C] () -- C:\Users\Giankarlo\AppData\Roaming\Adobe CS6-AIFF-Format - Voreinstellungen
[2013.07.12 13:01:34 | 000,786,504 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602N.DAT
[2013.07.12 13:01:34 | 000,296,064 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602W.DAT
[2013.06.11 13:25:57 | 000,006,144 | ---- | C] () -- C:\Users\Giankarlo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.06 02:32:06 | 000,000,244 | ---- | C] () -- C:\Users\Giankarlo\AppData\Roaming\default.rss
[2013.05.05 18:44:35 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2012.04.08 22:15:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.08 22:05:12 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.04.08 22:05:12 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.04.08 21:41:41 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.04.08 21:41:41 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.04.08 21:27:10 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\VMix.dll
[2012.04.08 21:27:04 | 000,000,501 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.11.17 15:54:04 | 000,000,000 | ---D | M] -- C:\Users\Giankarlo\AppData\Roaming\Anthropics
[2013.11.01 08:26:27 | 000,000,000 | ---D | M] -- C:\Users\Giankarlo\AppData\Roaming\AVAST Software
[2013.06.09 01:33:09 | 000,000,000 | ---D | M] -- C:\Users\Giankarlo\AppData\Roaming\Azureus
[2013.12.16 16:10:26 | 000,000,000 | ---D | M] -- C:\Users\Giankarlo\AppData\Roaming\Canon
[2013.05.05 19:00:54 | 000,000,000 | ---D | M] -- C:\Users\Giankarlo\AppData\Roaming\DisplayTune
[2013.12.09 12:45:47 | 000,000,000 | ---D | M] -- C:\Users\Giankarlo\AppData\Roaming\elsterformular
[2013.05.09 12:34:20 | 000,000,000 | ---D | M] -- C:\Users\Giankarlo\AppData\Roaming\HDRsoft
[2013.06.14 04:06:26 | 000,000,000 | ---D | M] -- C:\Users\Giankarlo\AppData\Roaming\KW
[2014.01.13 13:35:15 | 000,000,000 | ---D | M] -- C:\Users\Giankarlo\AppData\Roaming\OpenCandy
[2013.10.13 18:46:57 | 000,000,000 | ---D | M] -- C:\Users\Giankarlo\AppData\Roaming\PACE Anti-Piracy
[2013.05.10 17:52:43 | 000,000,000 | ---D | M] -- C:\Users\Giankarlo\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014.01.13 13:36:40 | 000,000,000 | ---D | M] -- C:\Users\Giankarlo\AppData\Roaming\TuneUp Software
[2012.04.11 04:35:56 | 000,000,000 | ---D | M] -- C:\Users\Giankarlo\AppData\Roaming\Xilisoft

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 400 bytes -> C:\Users\Giankarlo\AppData\Local\desktop.ini:07a19238af92db80fe9045ca73c7a84e

< End of report >