Hallo,

bei der Suche nach Hilfe bin ich auf das Trojaner Board gestoßen und hoffe, dass Ihr euch dem Problem annehmen könnt.

Seit geraumer Zeit habe ich Probleme mit der Leistung meines PCs (Acer 3820TG). Hier die Symptome:

- der Computer arbeitet ständig und der Lüfter dreht immer auf höchster stufe
- der Computer stürzt regelmäßig ab und rebootet
- mindestens einmal täglich öffnen sich Browserfenster "von alleine" und weisen auf Werbe-Webseiten ("speed up windows 8" oder so)

Nach einer ersten Recherche gehe ich davon aus das mein System von Malware oder einem Virus befallen ist. Ich würde mich über Hilfe bei der Bereinigung freuen!

Angehängt habe ich die Log-Dateien FRST.txt und ADDITION.txt von FRST64, sowie gmer.log von Gmer-19357.

Gruß
cartonneex

Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.

• Bitte arbeite alle Schritte der Reihe nach ab.
• Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
• Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
• Bitte kein Crossposting ( posten in mehreren Foren).
• Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
• Poste die Logfiles direkt in deinen Thread in Code-Tags.
• Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Posten in Code Tags
Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke.
Dazu:

• Klicke über dem Antwortfenster auf die Raute #, dann steht dort in eckigen Klammern [] CODE /CODE.
• Zwischen den beiden code-Bausteinen fügst Du dann deine Logfiles ein. Also CODE Logfile /CODE
• Wenn die Logs zu lang sein sollten, dann teile sie bitte auf und poste sie dann hier in Deinem Thread, notfalls in mehreren Antworten.

Schritt 1
Bitte poste alle Logs in Code Tags, danke.

FRST.txt

Code: Alles auswählenAufklappen

ATTFilter

(AMD) C:\Windows\System32\atiesrxx.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Arcoid) C:\Program Files (x86)\Advanced Touchpad Server\AdvancedTouchpadServer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [325120 2009-10-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1289296 2010-02-25] (Dritek System Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AdvancedTouchpadServer] => C:\Program Files (x86)\Advanced Touchpad Server\AdvancedTouchpadServer.exe [679936 2012-04-26] (Arcoid)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3070650811-9642294-4145187345-1000\...\Run: [3F39F816CD7BDDEEE521D84DB3B9E481A1B62B66._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-11-14] (Google Inc.)
HKU\S-1-5-21-3070650811-9642294-4145187345-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3070650811-9642294-4145187345-1000\...\Run: [Spotify Web Helper] => C:\Users\Alexander\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576 2012-12-11] (Spotify Ltd)
HKU\S-1-5-21-3070650811-9642294-4145187345-1000\...\Run: [Google+ Auto Backup] => "C:\Users\Alexander\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3070650811-9642294-4145187345-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-3070650811-9642294-4145187345-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKU\S-1-5-21-3070650811-9642294-4145187345-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x95B9DB66C4A4CD01
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{3B147E7E-B71B-445B-A893-A45C3A4702E2}: [NameServer] 8.8.8.4,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\glywutcp.default
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*'))%20%7B%20return%20'PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3070650811-9642294-4145187345-1000: @phonostar.de/phonostar -> C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DSL Soforthilfe - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\glywutcp.default\Extensions\{} [2014-05-09]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\glywutcp.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-06-19]
FF Extension: Adblock Plus - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\glywutcp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-19]
FF Extension: Disable Anti-Adblock - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\glywutcp.default\Extensions\{d49a148e-817e-4025-bee3-5d541376de3b}.xpi [2013-06-19]
FF Extension: Adblock Edge - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\glywutcp.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-10-06]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-09-19]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Send using Gmail™ (no button)) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc [2013-11-12]
CHR Extension: (Google Docs) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-16]
CHR Extension: (Google Drive) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-16]
CHR Extension: (Anti Anti Adblock) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdhdgbmpjfehpkmbgnonnaclejpcepjm [2013-11-12]
CHR Extension: (Webpage Screenshot) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2013-11-12]
CHR Extension: (Google Search) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-16]
CHR Extension: (Hola Better Internet) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2014-07-19]
CHR Extension: (ZenMate) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-07-19]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-07-31]
CHR Extension: (FoxyProxy Standard) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2013-11-12]
CHR Extension: (AdBlock) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-12]
CHR Extension: (Download Helper) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnbkeigkjcncjkbmkiibjgbhbnbanmfi [2013-11-12]
CHR Extension: (BugMeNot Lite) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb [2013-11-12]
CHR Extension: (Premiumize.me) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm [2013-11-12]
CHR Extension: (Save to Pocket) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-12-02]
CHR Extension: (FreshStart - Cross Browser Session Manager) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb [2013-11-12]
CHR Extension: (Google Wallet) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-16]
CHR Extension: (Google Similar Pages) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjnfggphgdjblhfjaphkjhfpiiekbbej [2013-11-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-26] (Microsoft Corporation)
S4 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe [51016 2014-08-21] (Google Inc.)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [819232 2010-01-20] (Acer Incorporated)
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1059712 2012-11-08] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [800128 2012-11-08] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2010-12-10] (Nalpeiron Ltd.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2012-12-06] ()
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\W32X86\3\PrintConfig.dll [2207232 2013-07-27] (Microsoft Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [496640 2014-06-22] (Microsoft Corporation) [File not signed]
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [142960 2013-03-19] (Stardock Software, Inc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-12-19] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-06-01] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [113792 2009-07-23] (Huawei Technologies Co., Ltd.) [File not signed]
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [92888 2014-06-22] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [128728 2014-06-22] (Malwarebytes Corporation)
S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 Rockusb; C:\Windows\System32\drivers\rockusb.sys [67408 2013-03-06] (Fuzhou Rockchip Electronics Co,Ltd.)
S3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
S3 andnetadb; \SystemRoot\System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X]
U3 idsvc; No ImagePath
S3 igfx; \SystemRoot\system32\DRIVERS\igdkmd64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 20:22 - 2014-11-18 20:24 - 00049966 _____ () C:\Users\Alexander\Desktop\Addition.txt
2014-11-18 20:20 - 2014-11-18 20:25 - 00030631 _____ () C:\Users\Alexander\Desktop\FRST.txt
2014-11-18 20:19 - 2014-11-18 20:25 - 00000000 ____D () C:\FRST
2014-11-18 20:18 - 2014-11-18 20:18 - 02117120 _____ (Farbar) C:\Users\Alexander\Desktop\FRST64.exe
2014-11-18 14:48 - 2014-11-18 14:48 - 00302011 _____ () C:\Users\Alexander\Desktop\WindowsUpdateDiagnostic.diagcab
2014-11-18 14:38 - 2014-11-18 14:39 - 00278976 _____ () C:\WINDOWS\Minidump\111814-36125-01.dmp
2014-11-18 13:40 - 2014-09-02 20:32 - 00705480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-18 13:40 - 2014-09-02 20:32 - 00104904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-18 13:29 - 2014-11-18 13:29 - 05061080 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-18 13:14 - 2014-11-18 13:14 - 00278976 _____ () C:\WINDOWS\Minidump\111814-48578-01.dmp
2014-11-17 21:36 - 2014-11-17 21:37 - 00278976 _____ () C:\WINDOWS\Minidump\111714-51906-01.dmp
2014-11-11 19:23 - 2014-11-11 19:24 - 00278976 _____ () C:\WINDOWS\Minidump\111114-26046-01.dmp
2014-11-06 03:47 - 2014-11-06 03:47 - 00278976 _____ () C:\WINDOWS\Minidump\110614-70843-01.dmp
2014-11-05 01:17 - 2014-11-05 01:18 - 00278976 _____ () C:\WINDOWS\Minidump\110514-45312-01.dmp
2014-11-03 19:56 - 2014-11-03 20:14 - 00020613 _____ () C:\Users\Alexander\Desktop\Bewerbung_Wohnstätte Alex.odt
2014-11-03 18:45 - 2014-11-03 20:04 - 00016302 _____ () C:\Users\Alexander\Desktop\Lebenslauf_aktuellAlex.odt
2014-11-03 17:32 - 2014-11-03 17:32 - 00104255 _____ () C:\Users\Alexander\Desktop\Lebenslauf_aktuell.odt
2014-11-01 02:02 - 2014-11-01 02:03 - 00278976 _____ () C:\WINDOWS\Minidump\110114-38796-01.dmp
2014-10-29 23:47 - 2014-10-31 02:17 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
2014-10-29 18:22 - 2014-10-22 04:34 - 00010777 _____ () C:\WINDOWS\system32\AutoconfigV2.cab
2014-10-29 18:22 - 2014-10-22 04:33 - 00581016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AutoUpdate.exe
2014-10-29 18:22 - 2014-10-22 04:33 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2014-10-29 18:22 - 2014-10-22 02:08 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-29 18:22 - 2014-10-22 02:08 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-29 18:22 - 2014-10-22 02:01 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-29 18:22 - 2014-10-22 02:01 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2014-10-29 18:22 - 2014-10-22 02:01 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-29 18:22 - 2014-10-22 02:00 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2014-10-27 18:25 - 2014-10-27 18:28 - 01584509 _____ () C:\Users\Alexander\Desktop\bootanimation (1).zip
2014-10-27 18:24 - 2014-10-27 18:24 - 01529186 _____ () C:\Users\Alexander\Desktop\bootanimation.zip
2014-10-27 17:43 - 2014-10-27 17:43 - 02827570 _____ () C:\Users\Alexander\Desktop\RK31_kernel_3036_fatty2_bob104_icoo (1).7z
2014-10-27 17:43 - 2014-10-27 17:43 - 00000000 ____D () C:\Users\Alexander\Desktop\RK31_kernel_3036_fatty2_bob104_icoo (1)
2014-10-27 17:31 - 2014-10-27 17:31 - 02832931 _____ () C:\Users\Alexander\Desktop\RK31_kernel_3036_fatty2_bob111_icoo.7z
2014-10-27 17:11 - 2014-10-27 17:11 - 00000000 ____D () C:\Users\Alexander\Desktop\Oma_RK31_Chuwi_V88_KK_4.4.4_v2.4_gen1 loader
2014-10-27 16:55 - 2014-10-27 17:02 - 331204046 _____ () C:\Users\Alexander\Desktop\Oma_RK31_Chuwi_V88_KK_4.4.4_v2.4_gen1 loader.7z
2014-10-27 16:48 - 2014-10-27 16:48 - 02858277 _____ () C:\Users\Alexander\Desktop\RK31_kernel_3036_fatty2_icoo (1).7z
2014-10-27 16:48 - 2014-10-27 16:48 - 02827570 _____ () C:\Users\Alexander\Desktop\RK31_kernel_3036_fatty2_bob104_icoo.7z
2014-10-27 09:19 - 2014-10-27 09:20 - 00278976 _____ () C:\WINDOWS\Minidump\102714-33921-01.dmp
2014-10-26 23:30 - 2014-10-26 23:30 - 00278976 _____ () C:\WINDOWS\Minidump\102614-38296-01.dmp
2014-10-26 18:47 - 2014-10-26 18:47 - 00278976 _____ () C:\WINDOWS\Minidump\102614-24750-01.dmp
2014-10-26 13:12 - 2014-10-26 13:12 - 00278976 _____ () C:\WINDOWS\Minidump\102614-32234-01.dmp
2014-10-26 11:33 - 2014-10-26 11:34 - 00278976 _____ () C:\WINDOWS\Minidump\102614-42031-01.dmp
2014-10-26 06:17 - 2014-10-26 06:18 - 00278976 _____ () C:\WINDOWS\Minidump\102614-54843-01.dmp
2014-10-22 19:46 - 2014-10-22 19:46 - 00278976 _____ () C:\WINDOWS\Minidump\102214-28421-01.dmp
2014-10-21 19:07 - 2014-10-21 19:07 - 00278920 _____ () C:\WINDOWS\Minidump\102114-34390-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 20:02 - 2012-11-16 11:59 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-18 20:02 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-18 19:57 - 2013-07-16 09:25 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-18 19:53 - 2013-07-31 10:06 - 01761999 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-18 19:45 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-18 19:17 - 2014-01-13 18:40 - 00000092 _____ () C:\Users\Alexander\AppData\Roaming\WB.CFG
2014-11-18 19:10 - 2012-10-29 14:10 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3070650811-9642294-4145187345-1000
2014-11-18 18:44 - 2014-07-28 16:02 - 00005152 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ALEXANDER-PC-Alexander Alexander-PC
2014-11-18 18:29 - 2012-11-16 11:59 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-18 18:27 - 2013-07-31 04:59 - 05039351 _____ () C:\WINDOWS\setupact.log
2014-11-18 15:16 - 2012-07-26 11:27 - 03927614 _____ () C:\WINDOWS\system32\perfh007.dat
2014-11-18 15:16 - 2012-07-26 11:27 - 01106744 _____ () C:\WINDOWS\system32\perfc007.dat
2014-11-18 15:16 - 2012-07-26 08:28 - 00005640 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-18 15:11 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-18 15:09 - 2012-10-29 13:35 - 00000000 ____D () C:\Users\Alexander
2014-11-18 14:42 - 2014-09-01 22:15 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-11-18 14:38 - 2013-08-28 14:54 - 02339640 _____ () C:\WINDOWS\PFRO.log
2014-11-18 14:38 - 2013-08-04 19:20 - 657431103 _____ () C:\WINDOWS\MEMORY.DMP
2014-11-18 14:38 - 2012-11-06 01:05 - 00000000 ____D () C:\WINDOWS\Minidump
2014-11-18 14:17 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-18 13:27 - 2012-07-26 09:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-18 13:27 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-18 13:27 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-18 13:27 - 2012-07-26 09:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-18 13:27 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-18 13:27 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-18 13:19 - 2012-07-26 06:26 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-18 12:46 - 2011-10-28 14:21 - 00000000 ____D () C:\Users\Public\Documents\offizielle dokumente
2014-11-18 12:22 - 2014-06-15 02:27 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Adobe
2014-11-17 01:41 - 2011-03-22 13:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-17 01:40 - 2013-08-28 08:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-11-17 01:39 - 2013-08-15 12:38 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-17 01:32 - 2011-03-22 12:17 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-13 19:03 - 2009-07-14 03:34 - 00000478 _____ () C:\WINDOWS\win.ini
2014-11-12 22:57 - 2012-11-16 11:59 - 00004116 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 22:57 - 2012-11-16 11:59 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 18:23 - 2014-08-14 05:19 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-12 18:22 - 2014-08-14 05:19 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-03 20:20 - 2011-03-23 11:09 - 00000000 ____D () C:\Users\Alexander\AppData\Local\CrashDumps
2014-11-03 19:56 - 2013-06-24 15:43 - 01739776 ___SH () C:\Users\Alexander\Desktop\Thumbs.db
2014-11-03 19:09 - 2011-03-22 13:55 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Microsoft Help
2014-11-03 17:32 - 2012-10-29 14:02 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Packages
2014-11-01 22:18 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-10-29 23:47 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\WinStore

Files to move or delete:
====================
C:\Users\Alexander\CTX.DAT


Some content of TEMP:
====================
C:\Users\Alexander\AppData\Local\Temp\npp.6.6.7.Installer.exe
C:\Users\Alexander\AppData\Local\Temp\proxy_vole6150075288897273867.dll
C:\Users\Alexander\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-18 15:26

==================== End Of Log ============================
         

Addition.txt

Code: Alles auswählenAufklappen

ATTFilter

µTorrent (HKU\S-1-5-21-3070650811-9642294-4145187345-1000\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.1.6 - Liteon)
Acer PowerSmart Manager (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.02.3000 - Acer Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Pixel Bender Toolkit 2 (HKLM-x32\...\{D5CC77BE-BC5B-424E-8E45-DF60AFF7BE9C}) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 2.8.0 - Adobe Systems Incorporated)
Advanced Touchpad Server (HKLM-x32\...\Advanced Touchpad Server) (Version:  - )
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}) (Version: 1.5.17.05094 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.05094 - Alcor Micro Corp.) Hidden
Alien Skin Image Doctor 2 (HKLM\...\Alien Skin Image Doctor 2) (Version:  - Alien Skin Software)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1107 - Alps Electric)
AMD Catalyst Install Manager (HKLM\...\{8F3C9854-8EB9-3D28-4AD7-E3ADD800C7E3}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.23 - Atheros Communications Inc.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Boris Continuum Complete 7 Adobe CS5 (HKLM\...\{A31D5812-F0AA-4AFA-B584-C2C4AC141518}) (Version: 7.0.6 - Boris FX, Inc.)
BrettspielWelt (HKLM-x32\...\BSW) (Version:  - )
calibre 64bit (HKLM\...\{1BC00DD4-173E-4325-BDB7-48A076DFC1EF}) (Version: 1.29.0 - Kovid Goyal)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator 1.1 (HKLM-x32\...\MP Navigator 1.1) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MP110 (HKLM\...\{B3467C74-0678-459a-9180-722763E0AFDE}) (Version:  - )
Canon MX710 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX710_series) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Canon ScanGear Starter (HKLM-x32\...\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{61F565EB-B101-4EBE-89BB-EF0AA3F2FFB8}) (Version: 38.0.2125.9 - Google Inc.)
Color Efex Pro 4 (HKLM-x32\...\Color Efex Pro 4) (Version: 4.0.0.5 - Nik Software, Inc.)
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dfine 2.0 (HKLM-x32\...\Dfine 2.0) (Version: 2.1.1.2 - Nik Software, Inc.)
DH Driver Cleaner Professional Edition (HKLM-x32\...\Driver Cleaner Pro) (Version: Version 1.5 - Ruud Ketelaars)
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 1.0.5.13 - DivX, Inc. )
Driver Fusion (HKLM-x32\...\{100C8F3B-82D6-4B14-BB7A-5E8C3FF810C8}_is1) (Version: 1.7.0 - Treexy)
Driver Fusion (HKLM-x32\...\Driver Fusion) (Version: 2.0 - Treexy)
Dropbox (HKU\S-1-5-21-3070650811-9642294-4145187345-1000\...\Dropbox) (Version: 1.6.16 - Dropbox, Inc.)
eMule Plus 1.2e (HKLM-x32\...\eMule Plus_is1) (Version:  - eMule Plus Team)
EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version:  - SEIKO EPSON Corporation)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.02 - Ubisoft)
Flash Drive Tester v1.14 (HKLM-x32\...\{272C8DEE-F54F-406C-9AA6-B4DE2985A47C}) (Version: 1.14 - Virtual Console)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Garmin BaseCamp (HKLM-x32\...\{74E69F8A-BCBB-4A0A-9361-32225755D8C3}) (Version: 3.2.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google SketchUp Pro 8 (HKLM-x32\...\{2C02693A-EF4F-42D1-9036-664B6C0D647E}) (Version: 3.0.3196 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
HDR Efex Pro 2 (HKLM-x32\...\HDR Efex Pro 2) (Version: 2.0.0.3 - Nik Software, Inc.)
HP Photosmart Prem C410 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}) (Version: 14.0 - HP)
Image Resizer for Windows (64 bit) (HKLM\...\{B6EFF29D-7CAB-4CE0-9FFC-3D55D27E948D}) (Version: 3.0.4442.6002 - Brice Lambson)
Image Resizer for Windows (HKLM-x32\...\{14ebe571-096e-4cdd-8ee5-a2c0cc6b9b5e}) (Version: 3.0.4442.6002 - Brice Lambson)
Imagenomic Noiseware 5.0 Plug-in (build 5007) (HKLM\...\ImagenomicNoisewarePlugin) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java SE Development Kit 7 Update 67 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170670}) (Version: 1.7.0.670 - Oracle)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.260 - Oracle)
JDownloader 0.9 (HKLM-x32\...\1489-3350-5074-6281) (Version: 0.9 - AppWork GmbH)
JDownloader 2.0 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.5 - Acer Inc.)
LG On-Screen Phone (HKLM-x32\...\LG On-Screen Phone) (Version: 4.0.004.130823 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{3C09DE13-867C-4289-9F95-4510BB3A5F57}) (Version: 11.4.1 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.4.1 - Red Giant Software) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Max Payne 3 (HKLM-x32\...\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}) (Version: 1.0.0.0 - Rockstar Games)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Research Mesh Virtual WIFI (HKLM-x32\...\{3F586E56-913B-4C6D-889B-F591485E069D}) (Version: 1.0.0 - Microsoft Corp)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3070650811-9642294-4145187345-1000\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3tag v2.49 (HKLM-x32\...\Mp3tag) (Version: v2.49 - Florian Heidenreich)
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyTomTom 3.2.0.1116 (HKLM-x32\...\MyTomTom) (Version: 3.2.0.1116 - TomTom)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
O&O SafeErase Professional (HKLM\...\{EBA0B3C0-C761-44A1-9C55-9BEC17F387F5}) (Version: 5.0.452 - O&O Software GmbH)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PdaNet+ for Android 4.01 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Perfect Photo Suite 6.1 (HKLM-x32\...\{59679381-3F22-4A40-A7AD-890242D74DF4}) (Version: 6.1 - onOne Software)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photomatix Pro version 4.1.1 (HKLM\...\PhotomatixPro41x64_is1) (Version: 4.1.1 - HDRsoft Sarl)
PhotoTune 3 (HKLM-x32\...\{12DC97BF-4D60-4C97-9A10-762F8D710695}) (Version: 3.0.5 - onOne Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Portal (HKLM-x32\...\Portal) (Version:  - )
Portal 2 (HKLM-x32\...\Postal 2_is1) (Version:  - )
PS_AIO_07_C410_SW_Min (x32 Version: 140.0.273.000 - Hewlett-Packard) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.0.9.5 - Rockstar Games)
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Secure Download Manager (HKLM-x32\...\{7709C9B0-AD83-4F7C-A153-B956BC3C3B0A}) (Version: 3.1.10 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Sharpener Pro 3.0 (HKLM-x32\...\Sharpener Pro 3.0) (Version: 3.0.1.0 - Nik Software, Inc.)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )
Sigil 0.7.4 (HKLM-x32\...\Sigil_is1) (Version:  - John Schember)
Silver Efex Pro 2 (HKLM-x32\...\Silver Efex Pro 2) (Version: 2.0.0.6 - Nik Software, Inc.)
SixaxisPairTool 0.1 (HKLM\...\SixaxisPairTool_is1) (Version: 0.1 - )
SixaxisPairTool 0.2.3 (HKLM-x32\...\SixaxisPairTool_is1) (Version: 0.2.3 - Dancing Pixel Studios)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sniper Elite 3 Limited Day One Edition MULTi2 1.0 (HKLM-x32\...\Sniper Elite 3 Limited Day One Edition MULTi2 1.0) (Version:  - )
Sonarca Sound Recorder XiFi 3.8.1 (HKLM-x32\...\FC08D902-7038-455B-B5CE-58C9C71B7439_is1) (Version:  - Accmeware Corporation)
Spotify (HKLM-x32\...\Spotify) (Version: 0.5.2 - )
Start8 (HKLM-x32\...\{F9FADF71-8E4E-4482-B95C-0F7A9F1B68AF}_is1) (Version: 1.16 - Stardock Corperation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
T4A Maps Traveller's Africa (HKLM-x32\...\T4A Maps Traveller's Africa) (Version:  - )
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
USB Data Cable Driver (HKLM-x32\...\{AB171825-B5E6-4F9A-8438-6E1D99EFCB58}) (Version: 1.2 - )
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Viveza 2 (HKLM-x32\...\Viveza 2) (Version: 2.0.0.9 - Nik Software, Inc.)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Broadcom Corporation (bcbtums) Bluetooth  (03/16/2012 6.5.1.2600) (HKLM\...\6A044848DB955BAB41313E7878DE4E2C68715F24) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
Windows-Treiberpaket - Broadcom Corporation Bluetooth  (03/16/2012 6.5.1.2600) (HKLM\...\524FB58AAB1C34915E5DAE6F9A7ABD1AA8C96614) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
Windows-Treiberpaket - Broadcom Corporation Bluetooth  (03/16/2012 6.5.1.2600) (HKLM\...\73EBF284DDB186EC3E526FEE77E2325097703596) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
Windows-Treiberpaket - Broadcom Corporation Bluetooth  (03/16/2012 6.5.1.2600) (HKLM\...\765E3A42F1EB7BB642F073A20918B588DC4D1193) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
Windows-Treiberpaket - Broadcom HIDClass  (09/11/2009 6.3.0.1500) (HKLM\...\3366905E6EFF86120E12E2DB3F8F2EDC3B7F5003) (Version: 09/11/2009 6.3.0.1500 - Broadcom)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XBMC (HKU\S-1-5-21-3070650811-9642294-4145187345-1000\...\XBMC) (Version:  - Team XBMC)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Zero Assumption Recovery Version 8.4 (HKLM-x32\...\Zero Assumption Recovery_is1) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3070650811-9642294-4145187345-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
CustomCLSID: HKU\S-1-5-21-3070650811-9642294-4145187345-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3070650811-9642294-4145187345-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3070650811-9642294-4145187345-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3070650811-9642294-4145187345-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3070650811-9642294-4145187345-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3070650811-9642294-4145187345-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3070650811-9642294-4145187345-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3070650811-9642294-4145187345-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)

==================== Restore Points  =========================

03-11-2014 02:46:04 Windows Update
09-11-2014 20:13:33 Windows Update
12-11-2014 21:59:27 Windows Update
16-11-2014 23:26:00 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-03-26 14:07 - 00001028 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00917444-8919-4032-82F4-BE78CA311038} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {028C2F07-3CDE-4454-8438-5EA7C10B0B9F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-16] (Adobe Systems Incorporated)
Task: {12DAE85D-BF1B-42D7-BEE6-F4F43E31FC50} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ALEXANDER-PC-Alexander Alexander-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {1ED1252F-6045-44FA-A83E-CFEC96E685AA} - System32\Tasks\DealPly => C:\Users\Alexander\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe [2013-03-10] () <==== ATTENTION
Task: {27B5AA4B-AC34-483B-8B68-A8427413F57A} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {316629FC-56C9-4CB8-ACC6-30A0A298C581} - System32\Tasks\AdobeAAMUpdater-1.0-Alexander-PC-Alexander => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {44DA88DE-C848-4D02-AE07-0039200E7879} - System32\Tasks\{EA99DD81-9180-4E80-AFBC-F5DBDD665F22} => C:\Users\Alexander\Downloads\atheros_bluetooth_7.4.0.110_XP\WinXP\Bluetooth_Suite_XP.EXE
Task: {5DA91D57-039D-4B2A-B78E-2D0B12D53399} - System32\Tasks\{3EF368F5-43AF-4D94-A3E2-CD04A261CA11} => C:\Users\Alexander\Downloads\setupSiemens-DCA-140-540v1.0.7.exe
Task: {608142EA-84F8-4218-9F20-D54ADBDD4DA2} - System32\Tasks\{7FD67F37-7E0C-46E0-8BD6-A500CAA31882} => C:\Program Files (x86)\Valve\hl.exe [2003-12-12] (Valve)
Task: {69E21BF9-5EF4-477A-A11C-D106B44F4AC1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {7592AAE6-1E38-464F-98D4-8F7461AB4BA8} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe <==== ATTENTION
Task: {7E4BE5FB-C117-4AA5-8C53-E82FA063126E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {86F02D86-BDA3-4493-BA84-13719BB76419} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe
Task: {887D9FB1-E053-41C8-B8AB-E0147E2072FC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {890F48F2-9A60-4B88-B8CA-BE98A2DD3A60} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B17E2CE5-FF3B-4537-A79A-2C63AA366DC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {BACAA378-E2D2-4F29-8AE6-16BB9990421C} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-lang.alexander@live.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {CC4BB470-856A-429B-89A1-18D116B33ECC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D6DEE56D-79CE-4F23-ADF1-FED6BDB9DE4B} - System32\Tasks\Trigger KMS Activation => C:\Users\Alexander\Downloads\extracted\KMSnano.v19.1\TriggerKMS.exe
Task: {E01AFC3F-88E1-45CC-9DCF-A7916BE51C4D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-17] (Microsoft Corporation)
Task: {E1BB16F8-CF88-4097-8754-A1B25018E66D} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-08 05:59 - 2012-11-08 05:59 - 01059712 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
2012-11-05 09:06 - 2012-11-05 09:06 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2012-11-05 09:06 - 2012-11-05 09:06 - 00115712 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2012-11-05 09:06 - 2012-11-05 09:06 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2012-11-05 09:06 - 2012-11-05 09:06 - 00033280 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2012-11-05 09:07 - 2012-11-05 09:07 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2012-11-05 09:06 - 2012-11-05 09:06 - 00029184 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2012-11-05 09:06 - 2012-11-05 09:06 - 00018432 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2012-11-05 09:06 - 2012-11-05 09:06 - 00037888 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2012-11-05 09:07 - 2012-11-05 09:07 - 00621056 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2012-11-08 05:59 - 2012-11-08 05:59 - 00800128 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2012-12-06 17:05 - 2012-12-06 17:05 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2011-03-23 12:17 - 2009-05-20 14:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-11-18 19:29 - 2014-11-14 22:15 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libglesv2.dll
2014-11-18 19:29 - 2014-11-14 22:15 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libegl.dll
2014-11-18 19:29 - 2014-11-14 22:15 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll
2014-11-18 19:29 - 2014-11-14 22:15 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll
2014-11-18 19:29 - 2014-11-14 22:15 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Alexander\Cookies:5z1gTGlbL0VpsgCzk2p5MO
AlternateDataStreams: C:\ProgramData\TEMP:B42C512A
AlternateDataStreams: C:\ProgramData\TEMP:C895616B

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: CGVPNCliSrvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^Users^Alexander^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Connectify => C:\Program Files (x86)\Connectify\Connectify.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\Alexander\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: MobileBroadband => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
MSCONFIG\startupreg: RGSC => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: Windows Mobile-based device management => %windir%\WindowsMobile\wmdcBase.exe
HKLM\...\StartupApproved\Run: => "Windows Mobile Device Center"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKCU\...\StartupApproved\StartupFolder: => "PdaNet Desktop.lnk"
HKCU\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"
HKCU\...\StartupApproved\Run: => "Google+ Auto Backup"

========================= Accounts: ==========================

Administrator (S-1-5-21-3070650811-9642294-4145187345-500 - Administrator - Disabled)
Alexander (S-1-5-21-3070650811-9642294-4145187345-1000 - Administrator - Enabled) => C:\Users\Alexander
Gast (S-1-5-21-3070650811-9642294-4145187345-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3070650811-9642294-4145187345-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2014 07:50:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALEXANDER-PC)
Description: Bei der Aktivierung der App „Cheezburger.Cheezburger_a2ma4xw3wqp06!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/18/2014 06:29:42 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a00018a3-f20f-4632-bf7c-8daa5351c914;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (11/18/2014 06:27:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a00018a3-f20f-4632-bf7c-8daa5351c914;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/18/2014 03:38:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a00018a3-f20f-4632-bf7c-8daa5351c914;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (11/18/2014 03:16:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (11/18/2014 03:16:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/18/2014 03:16:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/18/2014 03:12:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a00018a3-f20f-4632-bf7c-8daa5351c914;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/18/2014 03:11:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Service_KMS.exe, Version: 13.1.0.0, Zeitstempel: 0x5313ef48
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0x00000000
Fehleroffset: 0x000007fc3de10368
ID des fehlerhaften Prozesses: 0x950
Startzeit der fehlerhaften Anwendung: 0xService_KMS.exe0
Pfad der fehlerhaften Anwendung: Service_KMS.exe1
Pfad des fehlerhaften Moduls: Service_KMS.exe2
Berichtskennung: Service_KMS.exe3
Vollständiger Name des fehlerhaften Pakets: Service_KMS.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Service_KMS.exe5

Error: (11/18/2014 02:46:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.


System errors:
=============
Error: (11/18/2014 07:50:14 PM) (Source: DCOM) (EventID: 10010) (User: ALEXANDER-PC)
Description: App.AppXjtkr1ahdjty2gz1eentpxbcpshkyn9ht.wwa

Error: (11/18/2014 06:27:11 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (11/18/2014 04:18:44 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (11/18/2014 04:18:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WMPNetworkSvc erreicht.

Error: (11/18/2014 04:17:31 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst NlaSvc erreicht.

Error: (11/18/2014 03:12:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/18/2014 03:09:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246010 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5 unter Windows 8 und Windows Server 2012 für x64-basierte Systeme (KB2968295)

Error: (11/18/2014 03:09:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246010 fehlgeschlagen: Sicherheitsupdate für Windows 8 für x64-basierte Systeme (KB2977292)

Error: (11/18/2014 03:09:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246010 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB3003663)

Error: (11/18/2014 03:09:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Advanced Micro Devices, Inc. driver update for ATI Mobility Radeon HD 5000 Series (Engineering Sample - WDDM v1.20)


Microsoft Office Sessions:
=========================
Error: (11/18/2014 07:50:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALEXANDER-PC)
Description: Cheezburger.Cheezburger_a2ma4xw3wqp06!App-2144927141

Error: (11/18/2014 06:29:42 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a00018a3-f20f-4632-bf7c-8daa5351c914;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (11/18/2014 06:27:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a00018a3-f20f-4632-bf7c-8daa5351c914;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/18/2014 03:38:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a00018a3-f20f-4632-bf7c-8daa5351c914;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (11/18/2014 03:16:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (11/18/2014 03:16:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (11/18/2014 03:16:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (11/18/2014 03:12:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a00018a3-f20f-4632-bf7c-8daa5351c914;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/18/2014 03:11:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe13.1.0.05313ef48unknown0.0.0.00000000000000000000007fc3de1036895001d003398e725bf7C:\Program Files\KMSpico\Service_KMS.exeunknownd952367e-6f2c-11e4-8037-18f46a945b67

Error: (11/18/2014 02:46:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000


CodeIntegrity Errors:
===================================
  Date: 2014-11-18 15:28:31.330
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-11-18 15:28:31.049
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-11-18 15:28:30.892
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-11-18 15:28:30.580
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-11-18 15:28:30.267
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-11-18 15:28:29.986
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-11-18 15:28:24.423
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-11-18 15:28:20.423
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-11-18 13:52:30.030
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-11-18 13:52:29.889
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 77%
Total physical RAM: 3956.5 MB
Available physical RAM: 879.81 MB
Total Pagefile: 9076.5 MB
Available Pagefile: 3899.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:116.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 08C408C4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

gmer.log

Code: Alles auswählenAufklappen

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-18 21:00:19
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003e TOSHIBA_MK7559GSXP rev.GN003J 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\ALEXAN~1\AppData\Local\Temp\uxliauog.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                                 fffff9600023ee00 7 bytes [00, 23, 80, 01, 00, 1B, F2]
.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 8                                                                             fffff9600023ee08 7 bytes [01, 7C, BF, FF, 00, 8E, DA]

---- User code sections - GMER 2.1 ----

.text   C:\WINDOWS\system32\atiesrxx.exe[976] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                              000007fca813177a 4 bytes [13, A8, FC, 07]
.text   C:\WINDOWS\system32\atiesrxx.exe[976] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                              000007fca8131782 4 bytes [13, A8, FC, 07]
.text   C:\WINDOWS\System32\spoolsv.exe[1748] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                              000007fca813177a 4 bytes [13, A8, FC, 07]
.text   C:\WINDOWS\System32\spoolsv.exe[1748] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                              000007fca8131782 4 bytes [13, A8, FC, 07]
.text   C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[1964] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306  000007fca813177a 4 bytes [13, A8, FC, 07]
.text   C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[1964] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314  000007fca8131782 4 bytes [13, A8, FC, 07]
.text   C:\WINDOWS\system32\atieclxx.exe[2156] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                             000007fca813177a 4 bytes [13, A8, FC, 07]
.text   C:\WINDOWS\system32\atieclxx.exe[2156] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                             000007fca8131782 4 bytes [13, A8, FC, 07]
.text   C:\Program Files\Apoint2K\Apoint.exe[3104] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                         000007fca813177a 4 bytes [13, A8, FC, 07]
.text   C:\Program Files\Apoint2K\Apoint.exe[3104] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                         000007fca8131782 4 bytes [13, A8, FC, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[368] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                         000007fca3f31532 4 bytes [F3, A3, FC, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[368] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                         000007fca3f3153a 4 bytes [F3, A3, FC, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[368] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                       000007fca3f3165a 4 bytes [F3, A3, FC, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5420] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                         000007fca3f31532 4 bytes [F3, A3, FC, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5420] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                         000007fca3f3153a 4 bytes [F3, A3, FC, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5420] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                       000007fca3f3165a 4 bytes [F3, A3, FC, 07]
.text   C:\Program Files\Apoint2K\ApMsgFwd.exe[7128] C:\WINDOWS\system32\PSAPI.dll!GetProcessImageFileNameA + 306                       000007fca813177a 4 bytes [13, A8, FC, 07]
.text   C:\Program Files\Apoint2K\ApMsgFwd.exe[7128] C:\WINDOWS\system32\PSAPI.dll!GetProcessImageFileNameA + 314                       000007fca8131782 4 bytes [13, A8, FC, 07]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [6072:3520]                                                                                       fffff960008d65e8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                               -1536592479
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\18f46a945b67                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\18f46a945b67@38ece489a1d3                                        0x03 0xBF 0x8E 0x4D ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\18f46a945b67@00210d060fe9                                        0xA0 0x7A 0x7B 0x01 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\18f46a945b67@001167000072                                        0x5D 0x96 0xD4 0x63 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\18f46a945b67@7c1e52a8803c                                        0x47 0x14 0xD2 0xF1 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings                                                       
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@BackupContext                                    0x02 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@COD Type                                         3
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@Identity                                         0x7B 0x00 0x44 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@NodeID                                           0xA2 0x70 0x43 0xD6 ...

---- EOF - GMER 2.1 ----
         

Hallo,

leider hast du da nicht legal erworbene Adobeprodukte auf dem Rechner.

Ist das Windows original?

Die Logfiles deuten stark darauf hin, dass du nicht legal erworbene Software einsetzt. Zudem sind Cracks und Patches aus dubioser Quelle sehr oft mit Schädlingen versehen, womit man sich also fast vorsätzlich infiziert.

Wir haben uns hier auf dem Board darauf geeinigt, dass wir an dieser Stelle solange nicht weiter bereinigen, bis die Software entfernt wurde. Hinzu kommt, dass wir dich in unserer Anleitung und auch in diesem Wichtig-Thema unmissverständlich darauf hingewiesen haben, wie wir damit umgehen werden. Saubere, gute Software hat seinen Preis und die Softwarefirmen leben von diesen Einnahmen.

Bitte entscheide Dich also, wie Du weiter vorgehen möchtest und teile mir dieses hier in Deinem Thread mit.
Unsere Hilfe beschränkt sich, wenn Du diese Software nicht entfernst, nur auf das Neuaufsetzen und Absichern deines Systems.
Fragen dazu beantworten wir dir aber weiterhin gerne und zwar in unserem Forum.


Falls du weiter machen möchtest, poste bitte die FRST.txt und auch die addition.txt komplett, danke.