Startup Repair schlägt fehl

ärztefan186 · 13.12.2014, 17:49

Hallo,

nachdem ich auf meinem Windows7-Rechner (Medion, vor drei Jahren bei Aldi gekauft) einfach mal wieder nach längerer Zeit mit Malewarebytes einen Suchlauf gestartet habe und die gefundenen Dateien danach in Quarantäne geschoben habe, startet der PC nicht mehr richtig. Startup Repair startet automatisch, egal, ob ich mit oder ohne sie starten möchte, findet aber nichts und kann das Problem nicht lösen. Ich komme also nichteinmal mehr zum Anmeldebildschirm, der abgesicherte Modus geht ebenfalls nicht.

SFC \scannow findet nichts und chkdsk auch nichts.

Anbei einmal die Logdatei von Malewarebytes mit dem letzten Suchlauf sowie die Fehlermeldung von Startup Repair.

Ich würde nur ungern Windows neu installieren.

Für Hilfe, wie ich meinen Rechner wieder normal nutzen kann, wäre ich sehr dankbar!

Beste Grüße

schrauber · 13.12.2014, 19:11

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

ärztefan186 · 14.12.2014, 12:44

Alles klar.

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 03.12.2014
Suchlauf-Zeit: 16:34:01
Logdatei: Log 13.12.2014.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.12.03.08
Rootkit Datenbank: v2014.12.02.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ****

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 387965
Verstrichene Zeit: 17 Min, 48 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, In Quarantäne, [95df65f93d3fe551fd2189d84bb8cb35], 

Registrierungswerte: 1
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, In Quarantäne, [95df65f93d3fe551fd2189d84bb8cb35]

Registrierungsdaten: 1
PUP.Optional.Trovi.A, HKU\S-1-5-21-1129197167-488084488-3586192003-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.trovi.com/?gd=&ctid=CT3330184&octid=EB_ORIGINAL_CTID&ISID=8760EB82-1416-4293-A3A0-2712DEED3F82&SearchSource=55&CUI=&UM=5&UP=SP7B061A1F-4B10-4BC2-A836-E63AF4E02CD1&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://www.trovi.com/?gd=&ctid=CT3330184&octid=EB_ORIGINAL_CTID&ISID=8760EB82-1416-4293-A3A0-2712DEED3F82&SearchSource=55&CUI=&UM=5&UP=SP7B061A1F-4B10-4BC2-A836-E63AF4E02CD1&SSPV=),Ersetzt,[d89c203efb81da5ccccde76db94c8a76]

Ordner: 6
PUP.Optional.SearchProtect.A, C:\Users\****\AppData\Local\SearchProtect, In Quarantäne, [cfa5ea74d9a3f93d347de93fc043f30d], 
PUP.Optional.SearchProtect.A, C:\Users\****\AppData\Local\SearchProtect\SearchProtect, In Quarantäne, [cfa5ea74d9a3f93d347de93fc043f30d], 
PUP.Optional.SearchProtect.A, C:\Users\****\AppData\Local\SearchProtect\SearchProtect\rep, In Quarantäne, [cfa5ea74d9a3f93d347de93fc043f30d], 
PUP.Optional.SearchProtect.A, C:\Users\****\AppData\Local\SearchProtect\SearchProtect\STG, In Quarantäne, [cfa5ea74d9a3f93d347de93fc043f30d], 
PUP.Optional.SearchProtect.A, C:\Users\****\AppData\Local\SearchProtect\UI, In Quarantäne, [cfa5ea74d9a3f93d347de93fc043f30d], 
PUP.Optional.SearchProtect.A, C:\Users\****\AppData\Local\SearchProtect\UI\rep, In Quarantäne, [cfa5ea74d9a3f93d347de93fc043f30d], 

Dateien: 10
PUP.Optional.ICForge, C:\Users\****\Downloads\FileZilla_3.7.3_win32-setup.exe, Keine Aktion durch Benutzer, [adc7afaf8af2bb7b2058a9253dc42ad6], 
PUP.Optional.Conduit.A, C:\Users\****\AppData\Local\Temp\nsr3413.exe, In Quarantäne, [1e56312d324a60d62c838c123cc5fa06], 
PUP.Optional.Conduit.A, C:\Users\****\AppData\Local\Temp\nsr36D2.exe, In Quarantäne, [41331f3f0d6fc5716847128c5ca53dc3], 
PUP.Optional.SearchProtect.A, C:\Users\****\AppData\Local\Temp\nsbC64E.tmp, In Quarantäne, [baba0c526b11e74f606c1d8bd42dd729], 
PUP.Optional.Conduit.A, C:\Users\****\AppData\Local\Temp\nsbFDC4.exe, In Quarantäne, [db99342ad9a3f83e4669a8f64fb23cc4], 
PUP.Optional.Conduit.A, C:\Users\****\AppData\Local\Temp\nsgF9EC.exe, In Quarantäne, [c6ae4d111666082effb0ccd216eb43bd], 
PUP.Optional.ClientConnect, C:\Users\****\AppData\Local\Temp\schriftarten-fonts.png&SoftwareDescription=&setid=1, In Quarantäne, [1262a3bb394365d1634b8734c73ab749], 
PUP.Optional.SearchProtect.A, C:\Users\****\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, In Quarantäne, [cfa5ea74d9a3f93d347de93fc043f30d], 
PUP.Optional.SearchProtect.A, C:\Users\****\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, In Quarantäne, [cfa5ea74d9a3f93d347de93fc043f30d], 
PUP.Optional.SearchProtect.A, C:\Users\****\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, In Quarantäne, [cfa5ea74d9a3f93d347de93fc043f30d], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Code:

ATTFilter

Problem signature:
  Problem Event Name:	StartupRepairOffline
  Problem Signature 01:	6.1.7600.16385
  Problem Signature 02:	6.1.7600.16385
  Problem Signature 03:	unknown
  Problem Signature 04:	21200291
  Problem Signature 05:	AutoFailover
  Problem Signature 06:	17
  Problem Signature 07:	CorruptFile
  OS Version:	6.1.7601.2.1.0.256.1
  Locale ID:	1033

Read our privacy statement online:
  hxxp://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  X:\windows\system32\en-US\erofflps.txt

schrauber · 14.12.2014, 20:30

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

ärztefan186 · 15.12.2014, 10:12

Hi, Programme lassen sich nicht ausführen, ich komme ja nicht mehr "richtig" in den PC rein, sondern nur über die Problemhilfe von Windows in dieses Fenster, in dem ich Dateien speichern kann.

schrauber · 15.12.2014, 20:19

hi,

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

ärztefan186 · 15.12.2014, 21:43

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by SYSTEM on MININT-60PJ4Q0 on 15-12-2014 21:38:29
Running from g:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-25] (CyberLink)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-24] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-21] (AVM Berlin)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073352 2012-06-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-12-03] (AVAST Software)
HKLM\...\RunOnce: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-25] (CyberLink)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION!
HKU\Default\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\Default User\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\***\...\Run: [AdobeBridge] => [X]
HKU\***\...\Policies\system: [LogonHoursAction] 2
HKU\***\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-24] (Google Inc.)
HKU\UpdatusUser\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\UpdatusUser\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
IFEO\tvdtray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
GroupPolicyUsers\S-1-5-21-1129197167-488084488-3586192003-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-03] (AVAST Software)
S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-21] (AVM Berlin)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-05] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2123584 2011-12-14] (TuneUp Software)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [759192 2013-09-02] (Tunngle.net GmbH)
S4 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2011-10-07] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-03] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-03] ()
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-03] ()
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-03] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-03] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-03] ()
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-03] ()
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-03] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-21] (AVM Berlin)
S2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-21] (AVM GmbH)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-24] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
S0 mxeqhls; C:\Windows\System32\drivers\qshslr.sys [79064 2014-12-03] (Malwarebytes Corporation)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-15] (Tunngle.net)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-12-12] (TuneUp Software)
S0 nvpciflt; system32\DRIVERS\nvpciflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 08:00 - 2014-12-03 08:01 - 00000000 ____D () C:\Users\***\AppData\Local\{EAA51105-6EA1-45F5-B82D-4C494DAFFA61}
2014-12-03 07:55 - 2014-12-03 08:01 - 00000264 _____ () C:\Users\***\Desktop\Stud-Veranstaltungen.txt
2014-12-03 07:53 - 2014-12-03 07:53 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\qshslr.sys
2014-12-03 07:27 - 2014-12-03 07:27 - 00302704 _____ () C:\Windows\Minidump\120314-30108-01.dmp
2014-12-03 07:25 - 2014-12-03 07:25 - 01050432 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys
2014-12-03 07:25 - 2014-12-03 07:25 - 01050432 _____ () C:\Windows\System32\Drivers\aswsnx.sys.1417620355865
2014-12-03 07:25 - 2014-12-03 07:25 - 00436624 _____ () C:\Windows\System32\Drivers\aswSP.sys
2014-12-03 07:25 - 2014-12-03 07:25 - 00364512 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-12-03 07:25 - 2014-12-03 07:25 - 00267632 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-12-03 07:25 - 2014-12-03 07:25 - 00116728 _____ () C:\Windows\System32\Drivers\aswStm.sys
2014-12-03 07:25 - 2014-12-03 07:25 - 00093568 _____ () C:\Windows\System32\Drivers\aswRdr2.sys
2014-12-03 07:25 - 2014-12-03 07:25 - 00083280 _____ () C:\Windows\System32\Drivers\aswMonFlt.sys
2014-12-03 07:25 - 2014-12-03 07:25 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-12-03 07:25 - 2014-12-03 07:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-03 07:25 - 2014-12-03 07:25 - 00029208 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-12-03 07:25 - 2014-12-03 07:25 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-03 07:20 - 2014-12-03 07:22 - 132469808 _____ (AVAST Software) C:\Users\***\Downloads\avast_free_antivirus_setup_10.2208.712.exe
2014-11-26 13:15 - 2014-11-26 13:15 - 00000000 ____D () C:\Users\***\AppData\Local\{A09C3B53-6020-4DE1-98CB-C04AB132DECF}
2014-11-24 14:05 - 2014-11-24 14:05 - 00000000 ____D () C:\Users\***\AppData\Local\{33E6E422-070A-4328-96D0-13F5F4D0C3FE}
2014-11-23 06:33 - 2014-11-23 06:33 - 00000000 ____D () C:\Users\***\AppData\Local\{ED1F8FF3-A755-40EA-88B5-EB60EA476730}
2014-11-21 10:31 - 2014-11-21 10:31 - 00000000 ____D () C:\Users\***\AppData\Local\Hola
2014-11-21 10:30 - 2014-11-21 10:30 - 00000000 ____D () C:\Users\***\AppData\Local\{6F828BA1-5B19-4494-B631-1130303A1871}
2014-11-19 14:15 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-11-19 14:15 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2014-11-19 14:15 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 14:15 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 05:55 - 2014-11-18 05:55 - 00000000 ____D () C:\Users\***\AppData\Local\{E99D9FAB-27F4-426C-9279-F89BF096288F}
2014-11-16 15:52 - 2014-11-16 15:52 - 00000000 __SHD () C:\Users\***\AppData\Local\EmieBrowserModeList
2014-11-16 07:20 - 2014-11-16 07:21 - 00000000 ____D () C:\Users\***\AppData\Local\{78B7BEA4-DDDE-4CCA-B807-6E52CC3BA3B4}
2014-11-16 04:59 - 2014-11-16 04:59 - 00000000 ____D () C:\Users\***\AppData\Local\{DC0FE71D-6782-44F1-AD88-82EFDB131F1B}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-15 21:38 - 2014-01-03 02:51 - 00000000 ____D () C:\FRST
2014-12-03 08:01 - 2011-12-24 14:36 - 01478801 _____ () C:\Windows\WindowsUpdate.log
2014-12-03 07:53 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PLA
2014-12-03 07:38 - 2009-07-13 20:45 - 00024800 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-03 07:38 - 2009-07-13 20:45 - 00024800 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-03 07:34 - 2011-05-16 06:04 - 00699432 _____ () C:\Windows\System32\perfh007.dat
2014-12-03 07:34 - 2011-05-16 06:04 - 00149572 _____ () C:\Windows\System32\perfc007.dat
2014-12-03 07:34 - 2009-07-13 21:13 - 01620684 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-12-03 07:33 - 2014-06-25 12:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-12-03 07:33 - 2014-06-25 12:46 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-03 07:33 - 2013-03-02 11:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-03 07:27 - 2013-06-15 17:54 - 600654259 _____ () C:\Windows\MEMORY.DMP
2014-12-03 07:27 - 2013-06-15 17:54 - 00000000 ____D () C:\Windows\Minidump
2014-12-03 07:27 - 2012-01-04 07:06 - 00252380 _____ () C:\Windows\PFRO.log
2014-12-03 07:27 - 2012-01-04 06:49 - 00234590 _____ () C:\Windows\setupact.log
2014-12-03 07:27 - 2011-09-05 14:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-03 07:27 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-03 07:25 - 2012-07-01 03:58 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-03 07:25 - 2012-07-01 03:58 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-03 07:12 - 2011-12-25 18:26 - 00000000 ____D () C:\Users\***\AppData\Local\Adobe
2014-12-03 07:02 - 2012-03-31 01:34 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-03 07:02 - 2011-08-10 11:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-01 13:36 - 2011-12-25 07:06 - 00000000 ____D () C:\Users\***\AppData\Roaming\Skype
2014-12-01 11:26 - 2011-12-25 07:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-26 11:22 - 2009-07-13 21:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-24 11:44 - 2013-06-12 08:34 - 00092160 ___SH () C:\Users\***\Thumbs.db
2014-11-16 16:20 - 2012-09-01 08:19 - 00000000 ____D () C:\Users\***\iTunes
2014-11-16 07:43 - 2011-12-25 07:06 - 00000000 ____D () C:\ProgramData\Skype
2014-11-15 04:56 - 2009-07-13 20:45 - 05104256 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-11-15 04:53 - 2014-05-07 17:00 - 00000000 ___SD () C:\Windows\System32\CompatTel

Files to move or delete:
====================
C:\ProgramData\6033918.bat
C:\ProgramData\6033918.pad
C:\ProgramData\6033918.reg
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe


Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\***\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprpohrq.dll
C:\Users\***\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.432.exe
C:\Users\***\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.466.exe
C:\Users\***\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.487.exe
C:\Users\***\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.554.exe
C:\Users\***\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.575.exe
C:\Users\***\AppData\Local\Temp\SkypeSetup.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 4077.64 MB
Available physical RAM: 3401.68 MB
Total Pagefile: 4075.84 MB
Available Pagefile: 3395.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1811.92 GB) (Free:489.95 GB) NTFS
Drive e: (Recover) (Fixed) (Total:50 GB) (Free:25.47 GB) NTFS
Drive f: (MDW7HP64S1) (CDROM) (Total:3.98 GB) (Free:0 GB) UDF
Drive g: (ZOE) (Removable) (Total:3.72 GB) (Free:3.37 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1811.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 2C155A2D)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)


LastRegBack: 2014-11-25 08:26

==================== End Of Log ============================

--- --- ---

Super, danke für deine Ausdauer, mir das so genau zu erklären!

schrauber · 16.12.2014, 21:04

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION!
GroupPolicyUsers\S-1-5-21-1129197167-488084488-3586192003-1001\User: Group Policy restriction detected <======= ATTENTION
C:\ProgramData\6033918.bat
C:\ProgramData\6033918.pad
C:\ProgramData\6033918.reg
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Jetzt nochmal den normalen Modus versuchen.

ärztefan186 · 17.12.2014, 01:32

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by SYSTEM at 2014-12-17 00:47:38 Run:1
Running from j:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION!
GroupPolicyUsers\S-1-5-21-1129197167-488084488-3586192003-1001\User: Group Policy restriction detected <======= ATTENTION
C:\ProgramData\6033918.bat
C:\ProgramData\6033918.pad
C:\ProgramData\6033918.reg
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe
Emptytemp:
*****************

HKLM\Software\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}\InprocServer32\\Default => Value was restored successfully.
C:\Windows\System32\GroupPolicyUsers\S-1-5-21-1129197167-488084488-3586192003-1001\User => Moved successfully.
C:\Windows\System32\GroupPolicy\GPT.ini => Moved successfully.
C:\ProgramData\6033918.bat => Moved successfully.
C:\ProgramData\6033918.pad => Moved successfully.
C:\ProgramData\6033918.reg => Moved successfully.
C:\Users\Public\dcmsvcsetup.exe => Moved successfully.
C:\Users\Public\invokesi.exe => Moved successfully.
Emptytemp: => Error: This directive works only outside recovery mode.

==== End of Fixlog ====

Hab's nochmals im normalen Modus probiert, aber es geht immer noch nicht. :/

schrauber · 17.12.2014, 20:27

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

LastRegBack: 2014-11-25 08:26

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

ärztefan186 · 18.12.2014, 11:37

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by SYSTEM at 2014-12-18 11:33:40 Run:2
Running from j:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
LastRegBack: 2014-11-25 08:26
*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

Er geht wieder!

Rein aus Interesse, kannst du mir sagen, woran es ungefähr lag bzw. was passiert ist?

schrauber · 18.12.2014, 21:15

Keinen Schimmer. Man könnte meinen es liegt an dem was MBAM entfernt hat, weil danach der Rechner nicht mehr ging. Aber im Log von MBAM steht dazu gar nix. Ich hab auch in den Logs nichts gesehen, deswegen haben wir ein Backp der Registry zurück gespielt.

Jetzt bitte vom Desktop aus:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

ärztefan186 · 19.12.2014, 18:52

Okay, hier:

Frst.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by **** (administrator) on ****-PC on 19-12-2014 18:40:58
Running from C:\Users\****\Desktop
Loaded Profile: **** (Available profiles: UpdatusUser & ****)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073352 2012-06-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\RunOnce: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
HKU\S-1-5-21-1129197167-488084488-3586192003-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1129197167-488084488-3586192003-1002\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-1129197167-488084488-3586192003-1002\...\MountPoints2: {27df2026-6f7f-11e2-bfff-001a4f48a136} - J:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-1129197167-488084488-3586192003-1002\...\MountPoints2: {762d96b1-aa79-11e2-b32c-8c89a57cd01b} - K:\ibs.exe
HKU\S-1-5-21-1129197167-488084488-3586192003-1002\...\MountPoints2: {dd71202c-2ef1-11e1-9ca8-742f68a87cfa} - F:\pushinst.exe
HKU\S-1-5-21-1129197167-488084488-3586192003-1002\...\MountPoints2: {e3987405-8ce7-11e3-b95c-8c89a57cd01b} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1129197167-488084488-3586192003-1002\...\MountPoints2: {eba747cc-2ec1-11e1-90a0-806e6f6e6963} - E:\install.EXE id= ver=1.0.0.0
IFEO\tvdtray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{409DC300-28AF-468F-9624-1F3309701881}\SHCT_TRAY_STARTUP_F1540F35F9254DF584F2487D88448402.exe (Acresso Software Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1129197167-488084488-3586192003-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1129197167-488084488-3586192003-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\u02u633k.default
FF NewTab: 
FF SearchEngineOrder.1: 
FF SelectedSearchEngine: 
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: Hola Better Internet - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\u02u633k.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-12-18]
FF Extension: DownloadHelper - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\u02u633k.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-11]
FF Extension: ProxTube - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\u02u633k.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: ScrapBook - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\u02u633k.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-02-01]
FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\u02u633k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-18]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-09-25]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013-03-02]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013-03-02]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013-03-02]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2012-10-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-05] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2123584 2011-12-14] (TuneUp Software)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [759192 2013-09-03] (Tunngle.net GmbH) [File not signed]
S4 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2011-10-07] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-12-12] (TuneUp Software)
S0 nvpciflt; system32\DRIVERS\nvpciflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 18:40 - 2014-12-19 18:43 - 00023593 _____ () C:\Users\****\Desktop\FRST.txt
2014-12-19 18:40 - 2014-12-19 18:40 - 00000000 ____D () C:\Users\****\Desktop\FRST-OlderVersion
2014-12-19 18:39 - 2014-12-19 18:40 - 00000000 ____D () C:\120c9547d0d0c510a8184f
2014-12-18 20:33 - 2014-12-18 20:33 - 00000000 ____D () C:\Windows\system32\config\HiveBackup
2014-12-18 19:49 - 2014-12-18 19:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-18 12:14 - 2014-12-18 12:14 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-18 12:09 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-18 12:09 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-18 12:09 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-18 12:09 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-18 12:09 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-18 12:09 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-18 12:09 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-18 12:09 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-18 12:09 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-18 12:09 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-18 12:04 - 2014-12-18 12:04 - 00000000 ____D () C:\Users\****\AppData\Local\{DC715D00-6F48-49A6-8080-612A29481D73}
2014-12-18 11:54 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-18 11:54 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-18 11:54 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-18 11:54 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-18 11:54 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-18 11:54 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-18 11:54 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-18 11:54 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-18 11:54 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-18 11:54 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-18 11:54 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-18 11:54 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-18 11:54 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-18 11:54 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-18 11:54 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-18 11:54 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-18 11:54 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-18 11:54 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-18 11:54 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 11:54 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-18 11:54 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-18 11:54 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-18 11:54 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-18 11:54 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-18 11:54 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-18 11:54 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-18 11:54 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-18 11:54 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-18 11:54 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-18 11:54 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-18 11:54 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-18 11:54 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-18 11:54 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-18 11:54 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-18 11:54 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-18 11:54 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-18 11:54 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-18 11:54 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-18 11:54 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-18 11:54 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-18 11:54 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-18 11:54 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-18 11:54 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-18 11:54 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-18 11:54 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-18 11:54 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-18 11:54 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-18 11:54 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-18 11:54 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-18 11:54 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-18 11:54 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-18 11:54 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-18 11:54 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-18 11:54 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-18 11:54 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-18 11:54 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-18 11:54 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-18 11:54 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-18 11:53 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-18 11:53 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-18 11:53 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-18 11:53 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-18 11:53 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-18 11:53 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-18 11:53 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-18 11:53 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-18 11:53 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-18 11:52 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-18 11:52 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-18 11:52 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-18 11:52 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-18 11:52 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-18 11:52 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-18 11:52 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-18 11:52 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-18 11:52 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-18 11:52 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-18 11:52 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-18 11:52 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-18 11:52 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-18 11:52 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-03 17:00 - 2014-12-03 17:01 - 00000000 ____D () C:\Users\****\AppData\Local\{EAA51105-6EA1-45F5-B82D-4C494DAFFA61}
2014-12-03 16:55 - 2014-12-03 17:01 - 00000264 _____ () C:\Users\****\Desktop\Stud-Veranstaltungen.txt
2014-12-03 16:53 - 2014-12-03 16:53 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\qshslr.sys
2014-12-03 16:27 - 2014-12-03 16:27 - 00302704 _____ () C:\Windows\Minidump\120314-30108-01.dmp
2014-12-03 16:25 - 2014-12-03 16:25 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-03 16:25 - 2014-12-03 16:25 - 01050432 _____ () C:\Windows\system32\Drivers\aswsnx.sys.1417620355865
2014-12-03 16:25 - 2014-12-03 16:25 - 00436624 _____ () C:\Windows\system32\Drivers\aswSP.sys
2014-12-03 16:25 - 2014-12-03 16:25 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-03 16:25 - 2014-12-03 16:25 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-03 16:25 - 2014-12-03 16:25 - 00116728 _____ () C:\Windows\system32\Drivers\aswStm.sys
2014-12-03 16:25 - 2014-12-03 16:25 - 00093568 _____ () C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-03 16:25 - 2014-12-03 16:25 - 00083280 _____ () C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-03 16:25 - 2014-12-03 16:25 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-03 16:25 - 2014-12-03 16:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-03 16:25 - 2014-12-03 16:25 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-03 16:25 - 2014-12-03 16:25 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-03 16:20 - 2014-12-03 16:22 - 132469808 _____ (AVAST Software) C:\Users\****\Downloads\avast_free_antivirus_setup_10.2208.712.exe
2014-11-26 22:15 - 2014-11-26 22:15 - 00000000 ____D () C:\Users\****\AppData\Local\{A09C3B53-6020-4DE1-98CB-C04AB132DECF}
2014-11-24 23:05 - 2014-11-24 23:05 - 00000000 ____D () C:\Users\****\AppData\Local\{33E6E422-070A-4328-96D0-13F5F4D0C3FE}
2014-11-23 15:33 - 2014-11-23 15:33 - 00000000 ____D () C:\Users\****\AppData\Local\{ED1F8FF3-A755-40EA-88B5-EB60EA476730}
2014-11-21 19:31 - 2014-11-21 19:31 - 00000000 ____D () C:\Users\****\AppData\Local\Hola
2014-11-21 19:30 - 2014-11-21 19:30 - 00000000 ____D () C:\Users\****\AppData\Local\{6F828BA1-5B19-4494-B631-1130303A1871}
2014-11-19 23:15 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 23:15 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 23:15 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 23:15 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 18:41 - 2014-01-03 11:51 - 00000000 ____D () C:\FRST
2014-12-19 18:41 - 2011-12-24 23:36 - 02032463 _____ () C:\Windows\WindowsUpdate.log
2014-12-19 18:40 - 2014-01-03 11:50 - 02121216 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2014-12-19 18:40 - 2009-07-14 05:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-19 18:40 - 2009-07-14 05:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-19 18:39 - 2011-12-26 03:26 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe
2014-12-19 18:35 - 2011-05-16 15:04 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-12-19 18:35 - 2011-05-16 15:04 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-12-19 18:35 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-19 18:32 - 2013-03-02 20:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-19 18:31 - 2012-07-02 15:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 18:29 - 2012-01-04 15:49 - 00234758 _____ () C:\Windows\setupact.log
2014-12-19 18:29 - 2011-09-05 23:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-19 18:29 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-18 20:10 - 2011-12-25 16:06 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype
2014-12-18 12:14 - 2014-05-08 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-18 12:14 - 2013-08-20 16:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-18 12:14 - 2012-01-04 03:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-18 12:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-18 12:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-18 12:10 - 2011-07-18 21:31 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-18 11:36 - 2011-12-25 16:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-18 11:35 - 2012-04-04 23:18 - 00000008 __RSH () C:\Users\****\ntuser.pol
2014-12-18 11:35 - 2011-12-24 23:42 - 00000000 ____D () C:\Users\****
2014-12-17 09:47 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-03 16:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PLA
2014-12-03 16:33 - 2014-06-25 21:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-03 16:33 - 2014-06-25 21:46 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-03 16:27 - 2013-06-16 02:54 - 600654259 _____ () C:\Windows\MEMORY.DMP
2014-12-03 16:27 - 2013-06-16 02:54 - 00000000 ____D () C:\Windows\Minidump
2014-12-03 16:27 - 2012-01-04 16:06 - 00252380 _____ () C:\Windows\PFRO.log
2014-12-03 16:25 - 2012-07-01 12:58 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-03 16:25 - 2012-07-01 12:58 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-03 16:02 - 2012-03-31 10:34 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-03 16:02 - 2011-08-10 20:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 20:22 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-24 20:44 - 2013-06-12 17:34 - 00092160 ___SH () C:\Users\****\Thumbs.db
2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprpohrq.dll
C:\Users\****\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.432.exe
C:\Users\****\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.466.exe
C:\Users\****\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.487.exe
C:\Users\****\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.554.exe
C:\Users\****\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.575.exe
C:\Users\****\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.806.exe
C:\Users\****\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.855.exe
C:\Users\****\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 17:26

==================== End Of Log ============================

--- --- ---

Addition.txt:
FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by **** at 2014-12-19 18:46:02
Running from C:\Users\****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

05 (HKLM-x32\...\NintendoVIP) (Version:  - )
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.8 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.2 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AI War: Fleet Command (HKLM-x32\...\Steam App 40400) (Version:  - Arcen Games)
AION Free-To-Play (HKLM-x32\...\InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}) (Version: 2.70.0000 - Gameforge)
AION Free-To-Play (x32 Version: 2.70.0000 - Gameforge) Hidden
AIX-V2_mappack_ITHH (HKLM-x32\...\AIX-V2_mappack_ITHH) (Version:  - )
Allied Intent Xtended 2.0 (HKLM-x32\...\Allied Intent Xtended) (Version: 2.0 - AIX Community)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Atom Zombie Smasher  (HKLM-x32\...\Steam App 55040) (Version:  - )
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - BestGameEver)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - )
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
Counter-Strike: Source v17 (HKLM-x32\...\Counter-Strike: Source v17) (Version:  - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3418 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1817_38674 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.4125 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dcmsvc 1.0 (HKLM-x32\...\dcmsvc_is1) (Version:  - )
Death Rally (HKLM-x32\...\Steam App 108700) (Version:  - )
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version:  - )
Duden Rechtschreibtrainer (HKLM-x32\...\{BB550FD8-1DD8-412A-8BEE-659122E6115F}) (Version: 2.0.0 - Bibliographisches Institut GmbH, Mannheim)
Duden-Bibliothek (HKLM-x32\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.1.0 - Bibliographisches Institut GmbH)
Duty Calls (HKLM-x32\...\{0AEB967F-1D12-43C8-A59C-D93DA8EE4A4E}) (Version: 1.00.0000 - Duty Calls)
DVDFab 6.2.1.8 (31/12/2009) (HKLM-x32\...\DVDFab 6_is1) (Version:  - Fengtao Software Inc.)
FileZilla Client 3.7.3 (HKU\S-1-5-21-1129197167-488084488-3586192003-1002\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free Studio version 5.3.3 (HKLM-x32\...\Free Studio_is1) (Version:  - DVDVideoSoft Ltd.)
Free Video Call Recorder for Skype version 1.1.0.319 (HKLM-x32\...\Free Video Call Recorder for Skype_is1) (Version: 1.1.0.319 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.18.1128 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.18.1128 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
GoHa.RU World of Tanks skins (HKLM-x32\...\GohaRUWotSkins) (Version:  - )
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google SketchUp 8 (HKLM-x32\...\{5E2ABE05-B7AD-4D77-8A19-BDA0E4302190}) (Version: 3.0.11762 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.3.2710.138 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.111 - Google Inc.) Hidden
GPGNet (HKLM-x32\...\{C194D333-B84A-4BB7-B35E-060732D98DC4}) (Version: 1.0.0 - Gas Powered Games)
Hamachi 1.0.3.0 (HKLM-x32\...\Hamachi) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Iron Sky Invasion DEMO (HKLM-x32\...\Iron Sky Invasion DEMO) (Version: 1.2.0.0 - Reality Pump)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java(TM) 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
Java(TM) 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217000FF}) (Version: 7.0.0 - Oracle)
jazz  Screen Saver (HKLM-x32\...\jazz) (Version:  - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LEGO Star Wars (HKLM-x32\...\InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}) (Version: 1.00.0000 - Ihr Firmenname)
LEGO Star Wars (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
LEGO Star Wars II (HKLM-x32\...\InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}) (Version: 1.00.0000 - LucasArts)
LEGO Star Wars II (x32 Version: 1.00.0000 - LucasArts) Hidden
LEGO® Indiana Jones™ (HKLM-x32\...\InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}) (Version: 1.00.0000 - LucasArts)
LEGO® Indiana Jones™ (x32 Version: 1.00.0000 - LucasArts) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarioKart Screen Saver (HKLM-x32\...\MarioKart) (Version:  - )
Mathematik interaktiv (HKLM-x32\...\{D794373D-4197-4F77-AB73-5404A005E043}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
myMugle (HKLM-x32\...\myMugle3.0.0.0) (Version: 3.0.0.0 - Computer Business Solutions)
NC Launcher (GameForge) (HKLM-x32\...\NCLauncher_GameForge) (Version:  - NCsoft)
Netscape Navigator (9.0.0.6) (HKLM-x32\...\Netscape Navigator (9.0.0.6)) (Version: 9.0.0.6 (en-US) - Netscape)
Nintendo Desktop Manager (HKLM-x32\...\Nintendo Desktop Manager) (Version:  - )
NVIDIA 3D Vision Controller-Treiber 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.70 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
pängpong  Screen Saver (HKLM-x32\...\pängpong) (Version:  - )
PanoramaStudio 2.3 ((deinstallieren)) (HKLM\...\PanoramaStudio2) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PokemonColosseum.Screensaver (HKLM-x32\...\PokemonColosseum.Screensaver.scr) (Version:  - )
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6368 - Realtek Semiconductor Corp.)
Resonance (HKLM-x32\...\Steam App 212050) (Version:  - )
Roll (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version:  - )
RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version:  - )
Sanctum (HKLM-x32\...\Steam App 91600) (Version:  - )
SDFormatter (HKLM-x32\...\{A5355F15-F98B-4704-9BAE-E53B9FE48F48}) (Version: 3.1.0 - SD Association)
SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Smokin Guns (HKLM-x32\...\{88FB76D1-DE67-4646-95B4-A22E38C35D01}) (Version: 1.00.0000 - Smokin Guns)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Split/Second (HKLM-x32\...\{28526951-55EF-4901-A0CA-B9AC966D1DD1}) (Version: 1.00.0000 - Disney Interactive Studios)
Star Ruler (HKLM-x32\...\Steam App 70900) (Version:  - Blind Mind Studios)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stellarium 0.11.4 (HKLM\...\Stellarium_is1) (Version: 0.11.4 - Stellarium team)
Supreme Commander - Forged Alliance (HKLM-x32\...\{31D95937-B237-405D-920C-A3EF4E482395}) (Version: 1.00.0000 - Gas Powered Games)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-1129197167-488084488-3586192003-1002\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
TP-LINK TL-WN821N_WN822N Driver (HKLM-x32\...\{62FE0726-9652-4CD2-9F09-C769D8699C21}) (Version: 1.2.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.2.1 - TP-LINK)
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.2160.11 - TuneUp Software)
TuneUp Utilities 2012 (x32 Version: 12.0.2160.11 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.2160.11 - TuneUp Software) Hidden
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
Vektoris3D 2.0 (HKLM-x32\...\8458-4195-6614-3708) (Version:  - kapieren.de)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VVVVVV (HKLM-x32\...\Steam App 70300) (Version:  - )
Warner Bros. Digital Copy Manager (HKLM-x32\...\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1) (Version: 1.70 - Warner Bros. Entertainment Inc.)
Warner Bros. Digital Copy Manager (x32 Version: 1.70 - Warner Bros. Entertainment Inc.) Hidden
watchmi (HKLM-x32\...\{409DC300-28AF-468F-9624-1F3309701881}) (Version: 2.7.0 - Axel Springer Digital TV Guide GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wolfschanze II (1.0) (HKLM-x32\...\Wolfschanze II_is1) (Version:  - City Interactive)
World of Tanks - Common Test (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1) (Version:  - Wargaming.net)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1) (Version:  - Wargaming.net)
Worms Revolution (HKLM-x32\...\Steam App 200170) (Version:  - Team17 Digital Ltd.)
Worms World Party (HKLM-x32\...\{9A200E68-D5F4-4E70-910F-2871753A0E2B}) (Version:  - )
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1129197167-488084488-3586192003-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F05656D-F385-4C22-9C54-4BD093C01E7F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1101D87C-EE02-443E-9FA8-D4A5DBE89B58} - System32\Tasks\{DF87441B-901A-4C9C-BEE8-8E1740E8DCC3} => pcalua.exe -a C:\Users\****\Documents\Nintendo\Sessel.exe -d C:\Users\****\Documents\Nintendo
Task: {1EC898E4-3BCD-456C-9A1D-699582148F54} - System32\Tasks\{102CA60F-A628-48AA-8C6E-6D66D1610113} => pcalua.exe -a C:\Users\****\Downloads\paengpong_setup.exe(1)\pÑngpong_setup.exe -d C:\Users\****\Downloads\paengpong_setup.exe(1)
Task: {417760B4-88A4-4D55-85E5-B2A34D7AC74D} - System32\Tasks\{D9063DDC-A72F-41C1-AE2F-BD67CEFAA25D} => pcalua.exe -a E:\FSetup.exe -d E:\
Task: {46C520AD-60CF-454F-BE0D-CA6D8A232D97} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2011-12-14] (TuneUp Software)
Task: {4FA55A0B-BC99-438A-8565-5AA7C2CC7B4B} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {6BBCFEEF-06E2-447A-AAFD-62B61BA4E191} - System32\Tasks\{0CF9AD93-4FD2-4524-96C7-F7021D4B9B41} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {7F5E0D71-8580-43C8-A53B-0FE7FFFA8F4A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24] (Google Inc.)
Task: {85574A21-3EC5-4A06-B0F9-23C5E0577F70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24] (Google Inc.)
Task: {89EA375A-E418-4F16-B52A-4D68C4F2E356} - System32\Tasks\{9FC752EA-8051-4540-9DCF-9B6C18DAD82F} => pcalua.exe -a C:\Users\****\Downloads\pbsetup\pbsetup.exe -d C:\Users\****\Downloads\pbsetup
Task: {965613A8-82D5-4705-91AB-29657F9F6922} - System32\Tasks\{26680CC7-F8FD-49E8-8B7D-4ADDF52C0CE5} => pcalua.exe -a C:\Users\****\Documents\Nintendo\Kühlschrank.exe -d C:\Users\****\Documents\Nintendo
Task: {9C61A87B-8CEB-472B-BA16-2398F7339E03} - System32\Tasks\AdobeAAMUpdater-1.0-****-PC-**** => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)
Task: {D0252891-AC54-43BD-B4C4-84F6D8A4E9B9} - System32\Tasks\{DE306357-54F1-41CD-8157-E2F1570B3414} => pcalua.exe -a C:\Users\****\Downloads\paengpong_setup.exe\pÑngpong_setup.exe -d C:\Users\****\Downloads\paengpong_setup.exe
Task: {D3FF9BC7-927C-44C2-94FE-57BE2EB942BB} - System32\Tasks\{D3EB13DB-BF86-4F38-8EB5-929F23E959DE} => pcalua.exe -a E:\setup.exe -d E:\
Task: {DFDEACA2-88A3-4777-B75A-3CAB07117821} - \BrowserDefendert No Task File <==== ATTENTION
Task: {E00AE1B3-FAF1-4095-A15E-AF1F8B26A2F2} - System32\Tasks\{A4CCCFAF-9061-4D8B-8E79-8BB64065EEA6} => pcalua.exe -a C:\Users\****\Documents\Nintendo\Aquarium.exe -d C:\Users\****\Documents\Nintendo
Task: {E5CF2C72-E541-47FE-A19D-24AB68A93C97} - System32\Tasks\{C8742CD0-2F83-4D15-87D4-964D1620FEFD} => pcalua.exe -a F:\Skyrim\installer\install.exe -d F:\Skyrim\installer
Task: {E8AF4C47-E6E2-4F92-A965-F282D52F63A9} - System32\Tasks\{33CE28B8-0475-4A56-8977-D29EEE9650E0} => pcalua.exe -a C:\Users\****\Documents\Nintendo\Tapete.exe -d C:\Users\****\Documents\Nintendo
Task: {EF1DDEA2-F6F3-409E-9932-3137B6A54BD2} - System32\Tasks\{AD84414D-1F52-4EB6-A62D-1E4D4E3EB336} => pcalua.exe -a C:\Users\****\Documents\Nintendo\Pflanze.exe -d C:\Users\****\Documents\Nintendo
Task: {F0E9BF3F-D414-4C4D-98E2-5D75CDC4E689} - System32\Tasks\{418866E9-B085-4BC6-B4AC-C9E2CC953512} => pcalua.exe -a C:\Users\****\Documents\Nintendo\Lavalampe.exe -d C:\Users\****\Documents\Nintendo
Task: {F2AE4B48-C4FB-46C8-B405-D44EE6E7EC33} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F9F48BC7-43F3-4F3E-A48C-B77966B1606D} - \EPUpdater No Task File <==== ATTENTION
Task: {FEBB00FD-D9EA-4DDA-8CD0-C2B62FB1050D} - System32\Tasks\{3F3C461A-897B-491F-B1C5-EC4740CF6A34} => pcalua.exe -a C:\Users\****\Documents\Nintendo\Regal.exe -d C:\Users\****\Documents\Nintendo
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-18 18:27 - 2013-01-18 16:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-01-10 13:49 - 2011-01-10 13:49 - 00014848 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
2013-02-05 11:54 - 2013-04-05 17:11 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-17 21:39 - 2013-03-02 21:00 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll
2010-08-03 23:39 - 2010-08-03 23:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-03 23:39 - 2010-08-03 23:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-09-03 14:54 - 2013-09-03 14:54 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
2012-08-17 21:40 - 2012-08-17 21:40 - 00068024 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtWebKit\qmlwebkitplugin4.dll
2014-12-18 19:49 - 2014-12-18 19:49 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-09 18:05 - 2014-11-09 18:05 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2011-08-11 21:01 - 2011-04-30 08:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1129197167-488084488-3586192003-500 - Administrator - Disabled)
Gast (S-1-5-21-1129197167-488084488-3586192003-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1129197167-488084488-3586192003-1004 - Limited - Enabled)
**** (S-1-5-21-1129197167-488084488-3586192003-1002 - Administrator - Enabled) => C:\Users\****
UpdatusUser (S-1-5-21-1129197167-488084488-3586192003-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/19/2014 06:46:06 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (12/19/2014 06:46:06 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (12/19/2014 06:39:45 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80042302).

Error: (12/19/2014 06:39:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "GetProviderMgmtInterface" ist ein unerwarteter Fehler aufgetreten. hr = 0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.
.

Error: (12/19/2014 06:39:44 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (12/19/2014 06:39:44 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (12/18/2014 00:14:09 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (12/18/2014 00:14:09 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (12/18/2014 00:10:23 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (12/18/2014 00:10:23 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}


System errors:
=============
Error: (12/19/2014 06:32:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (12/19/2014 06:32:25 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (12/18/2014 06:53:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (12/18/2014 06:53:30 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (12/18/2014 11:37:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (12/18/2014 11:37:56 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (12/03/2014 04:30:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (12/03/2014 04:30:58 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (12/03/2014 04:29:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/03/2014 04:29:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-16 12:41:08.456
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-16 12:41:08.446
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-16 12:41:08.425
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-16 12:41:08.415
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-16 12:33:57.893
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-16 12:33:57.811
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 20:21:35.412
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 20:21:35.360
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 20:21:35.310
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 20:21:35.259
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 75%
Total physical RAM: 4077.64 MB
Available physical RAM: 984.86 MB
Total Pagefile: 8153.46 MB
Available Pagefile: 4468.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1811.92 GB) (Free:489.82 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:25.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1811.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

--- --- ---

schrauber · 20.12.2014, 15:40

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

ärztefan186 · 21.12.2014, 20:15

AdwCleaner-Log:
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v4.106 - Bericht erstellt am 21/12/2014 um 19:17:34
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : **** - ****-PC
# Gestartet von : C:\Users\****\Desktop\adwcleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : Skype C2C Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\****\AppData\Local\Hola
Datei Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\u02u633k.default\foxydeal.sqlite

***** [ Tasks ] *****

Task Gelöscht : BrowserDefendert
Task Gelöscht : EPUpdater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 de)


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [13356 octets] - [03/01/2014 15:12:01]
AdwCleaner[R1].txt - [2912 octets] - [21/12/2014 19:14:51]
AdwCleaner[S0].txt - [12859 octets] - [03/01/2014 15:13:06]
AdwCleaner[S1].txt - [2767 octets] - [21/12/2014 19:17:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2827 octets] ##########

--- --- ---

JRT-Log:
JRT Logfile:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by **** on 21.12.2014 at 19:58:08.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{00D3A80D-8A66-4A03-AEDE-28DA183B118E}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{01288570-1E60-456D-9F9D-D3069BEB74F4}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{03F6F4AD-8D18-468A-91B0-5D00E7C44A08}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{045C4281-237C-4B76-83C0-8EB9CA4A3773}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{047BA228-C0F7-4C1E-9BD0-6539EAB03589}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{056C105F-0A0C-41F2-8DC2-9D4703E75063}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{07A5DA68-6CBA-4D60-A4DB-15175A921F75}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{0ACFECEF-B858-4F7C-B41F-3D9D0B3BEE9F}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{0AEA4AA4-3845-4B25-9716-F52D92D1E766}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{0EE92AB9-16DA-4C45-914B-75117FD1559C}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{0F07A73C-A73F-413D-8351-1276D2906BB7}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{12AABE39-622B-41BC-828A-BDD40576A785}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{13142850-28CB-42BD-BB64-E34F3349DE8D}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{13BA2BDB-A167-4EE1-8A11-29523A79A048}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{14AD9A9F-DD62-4931-BC89-23F5A0532B43}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{163A856C-8735-485F-8D3B-B6E8E4799577}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{1B7E03FC-63E7-45BC-85F8-7E4BDCBF7871}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{1B8ACD9E-EB79-468E-BDC7-1C3154728E02}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{1C86CC96-F809-4A9A-A925-F7E5BDC2FA34}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{1C93F351-9EDD-4DA9-A30D-177F06B36CBA}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{1D7F9FF0-FD34-467B-938A-3B21EAD27021}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{1ECA00C8-04E7-4A6E-A143-85EC77B8C239}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{1F0F84B1-225E-4623-A2CA-1BF3DDF8B858}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{21C19F14-2145-46C8-AD13-CC33021CBAD0}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{221643FF-8FD7-4AA4-BB26-AEE144C0233A}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{248E7388-8D26-4192-B207-01C55F80EA50}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{27B48763-71E0-4A28-9E6C-6B740E1E1F56}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{27FA58DE-A78F-4D1A-9E5E-32D47A7EA3C6}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{2949672B-3A3F-43CC-948A-D152B51FB054}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{29C8C53F-DBC3-492F-BDC8-200CDACCE8C4}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{29CDFBBC-00C2-4D2C-AC46-3DABF954FB26}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{2CD6C1B0-3685-4F22-A775-64A6A2A35397}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{2F04B679-4D68-4F43-9A2F-06A9D638F515}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{31B6A5C7-F386-4426-B362-73EDEF2FDC57}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{339B2868-0D5A-4E30-98FF-237327EE35A2}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{33E6E422-070A-4328-96D0-13F5F4D0C3FE}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{34A357B7-61C9-442C-908A-5E83A6570CEF}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{35D298F2-8B29-45B2-80DB-233214B92F05}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{368C8A61-1C83-4A1C-978F-6FE420930D9B}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{370C25AE-6FEB-4EEF-88E3-787CE6AE85AD}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{38D6702A-95A0-439C-9170-17F09BEF7EB4}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{3CEE9D90-0D08-4C2E-9490-7820B24139C6}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{3DF7E36D-1E27-49EC-B41A-084E557DE04D}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{3ECDDFDD-2393-425B-BF0C-28141965AAA4}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{3F9D097B-7852-4867-9BEA-6A5B8082E437}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{41E768B8-0E54-489C-ACF0-EEB92313F70C}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{4C01FBD0-4B6C-48DE-8C43-723573AC2E92}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{4C7DEE87-A8C6-4F64-AD16-3B7B74784C25}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{4E16FB0B-455C-4C11-A90C-AE6060F212A0}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{4E841C01-A97F-40CC-A83A-5FF9A9B266B0}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{4E8FAC29-1321-4D4E-ABF1-D654AE81DD56}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{4EE7D6E4-0C50-49BD-B887-4A84159FAF2D}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{5089F575-9A7F-4550-A92C-D99D829C32CB}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{524F19AD-EC64-43F5-B281-A2248E760D31}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{52DF5AF4-8A5A-4227-91BA-4C378FA9B88A}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{5446B5D7-F923-4F82-8D2E-7BCB856DA842}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{54BAA2F0-501F-4796-B28C-C82CA81921D5}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{5697B438-CAB5-4BE8-889A-50B93F68FF05}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{5A192470-FEE3-40F7-838E-EFBAB591670E}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{5F211AB1-7957-47FA-BE43-C877C7C944FD}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{5FEFCC7D-1326-4873-AF6F-4E37FD358691}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{61012A8D-4496-4311-AE7E-682057D56C1A}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{617A5352-21A3-4BB9-9460-5D8F0C7BEA29}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{638B7119-D6F2-4AEF-9AB6-EBCF7F2974CD}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{683FF39F-BE3A-4F80-9D20-ABD7AB52F817}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{6B3C3523-299F-40F4-97FD-6E91B59D7847}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{6BE197D3-DE6F-4C10-BB3C-DF97C68877C4}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{6CE1A190-932E-4AC2-B19C-B350D790E4E9}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{6F828BA1-5B19-4494-B631-1130303A1871}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{70A0D2BA-7A31-4659-BB7F-F4DC5B176DDB}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{70A298FB-57C9-43E4-B7C5-27FC38A949C6}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{74F55E8E-4FEF-4C1E-836E-20197DE00D2E}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{76037EDA-94EB-4402-9FF7-3EDAB99294BF}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{76E394C2-8AAC-4317-9FFA-2BCCAED3EDF4}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{7728CC3C-A19E-4E15-AE9A-814FEFAA91CC}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{78503487-07F1-4D02-9DB5-3A5B7824BEF5}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{78B7BEA4-DDDE-4CCA-B807-6E52CC3BA3B4}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{7B0CD4BC-4AF8-426C-9CF1-A17E28B4440A}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{7B33AB48-17A5-4140-9C09-31B4F19E176C}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{7BA34B76-547B-499A-A1B4-2346018C4F35}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{7DBB766D-8EDB-417D-ADDC-F956541357B5}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{8476A832-72CF-4D1B-A15F-49B22EA3402D}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{86C71572-C642-42D4-8E49-85540F0E7FA5}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{8806D5E4-DB36-4B74-8819-3478DBA7611E}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{8A6676F6-8B83-4E97-BAAA-C2AF037118CB}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{8C339D6B-022E-48CA-BFFC-34D83DE045E8}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{8CFD3CD4-23E0-43D2-8DDC-BE06869624C9}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{8EA7444C-0B56-4693-9BE0-D44A4B946206}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{8EB88293-2EAC-4C11-9F39-6D28FB38DC2A}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{900FB09A-AE6A-44C9-89AD-C066B1EE3261}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{91358AC3-592D-46B4-A6FE-0C6CBE31FC48}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{917B478D-376F-463F-AF44-3F105DCD1CDA}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{923C25B7-46EE-4A05-9BEB-2CDF2D4F7E35}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{94378548-EF74-4503-991C-507B9B308B87}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{959F404C-AC9A-49BE-B358-D9B7148890CA}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{9600335A-2076-4D12-BF83-80F6DA687E3F}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{98A6C36A-79EC-483F-88BE-D8E50ABB7FEC}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{993AFD0A-FEB2-4CF3-A270-0CE4FF401BA4}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{995B6603-5078-486D-B936-1E47941C8617}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{9A7408DA-33A2-42A6-ABB8-B0D7F8D5C1B7}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{9A8B59DB-0EC1-43E2-90D3-C43ED0D90BA1}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{9D426AB8-94BA-4FEE-9706-E94F34EA9D4D}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{9DDB844C-7B0B-4278-92D5-1F2D07ED0740}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{9E1756CE-B818-4104-B0AA-C071B91292E2}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{9E3A847F-7F5C-4361-8FA5-7CA02A4D6DD7}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{A04BE2EB-CB44-4F4E-ACF4-922F82D52D0A}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{A09C3B53-6020-4DE1-98CB-C04AB132DECF}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{A106D0C3-226B-4AAA-94E0-5FB0535E9F8C}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{A1C256C9-E0F0-4608-8869-1049774AA197}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{A1F24738-DF5B-4909-A3D9-F12FF4802C29}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{A3D3A70C-B450-4829-8EBA-8D6978C0FA63}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{A5758C81-510A-481A-9C77-6981F5A2DECD}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{A7803385-A799-4CED-BE68-E09EF2BF6D3B}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{A96D70CB-B57D-40BD-8A55-E7C7691F6103}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{AD8EC148-E934-4C4C-BBFB-9408370D3BF4}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{ADED0CC7-B7F7-4B4B-A017-2323FF9A0CDD}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{AF58B497-86E2-4B3F-BBA4-C1AA21ACD0A5}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{AF683987-6693-4873-AE8A-08EAF7BC384A}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{B2826DE3-0497-48AB-856D-6F1DA0753BD6}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{B3805D3E-4E9C-42A4-AA68-0AC2B0F06993}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{B44962E9-48C2-4D82-83EA-8C971DC3D701}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{B4BDD094-81AC-4C50-9C09-FBA5EF09EB15}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{B609E608-F92E-4C16-B86C-11B90329E49A}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{B6543ABB-9195-412B-B971-1D3ACD26066F}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{B823929E-EB13-465F-BDF8-5FD2B2007DF4}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{B8C1A8BC-E38E-46C5-B9AC-91958006A675}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{B9316771-8FC9-41B2-A6BA-0980852B6D94}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{BA8CBE55-A348-48A9-A3F7-84834AD1D211}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{BAEE825E-DC4C-4AD0-A412-6430B57C60B8}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{BCBF29DB-7ACA-4FD2-AE61-259B440B5B36}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{BEE0DD63-02F2-45A5-A175-B7ECFE3BCA00}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{C08DB387-D9FF-4A27-BA7C-AA1E85CA861D}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{C0E09400-8B8F-4A66-91D2-8E6EEA63CD77}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{C249F8BB-C069-4F93-9047-691239B66899}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{C35C3714-9488-4A71-A91D-B9F128EE5BC1}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{C4B76591-1C73-4506-B8B3-ED2AF26A9251}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{C62ED425-03A1-49B8-9FB8-8DD442B45640}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{C688A979-1F3D-4A57-A582-4C45A87220B3}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{C7256014-8ABD-44AB-81A3-BD5D3789FF7E}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{C9B7503E-9B0E-4643-ACC4-E5624C96AEBB}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{CA8B7BD4-CE97-4E1D-8BF8-0AD661048399}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{CC484A4D-C19E-44A8-88A0-365673DFAC56}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{CF16E228-AEDB-46E1-9D68-10E33CAA1815}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{CFA206DB-8736-49FB-9364-AB5E6B461F2C}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{D362D138-0BC0-473D-893B-28AC3B220252}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{D48D86E4-9CBC-44C6-AFC4-D766D791A3D7}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{D496D1DD-3FB0-4CC5-BAB7-CB8AA1650590}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{DC0FE71D-6782-44F1-AD88-82EFDB131F1B}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{DC715D00-6F48-49A6-8080-612A29481D73}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{DD887547-CE68-4A22-81A9-7A1E0E2F7931}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{DFB8BE60-D1D0-4C86-8367-4AB11AA9A177}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{E00897A5-BF98-4451-B9E6-AA7B5A10A0D6}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{E02A202A-0F91-4EAE-8ACC-121CC0C5B2F4}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{E15EED36-B6BD-432F-A6B7-CB8C859D0095}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{E209AC31-2347-4D55-A231-AEBF3AFBB9BE}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{E2DB6306-8D7B-48C0-BAE4-ED94F770B7C1}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{E2E1B3AC-F169-44CF-8C7F-2A2E662A41C1}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{E37F0F9D-FC87-4347-912C-8FAB20041362}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{E3A11B9F-FD26-4C66-A60B-3640D49AAC24}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{E3A2B57C-BF9E-4F44-9483-64A12E511EB2}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{E4065FE2-53FD-4208-A5C7-F4B8591B394A}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{E42D15A8-B28B-48EC-9D73-09C9120CA5F1}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{E736140B-612D-4B71-81D8-4F5EDEF3B7B8}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{E99D9FAB-27F4-426C-9279-F89BF096288F}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{E9EB9F31-842E-4E18-AAED-D854D4DF9B22}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{EAA41458-4E26-40D9-804A-51477C186A75}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{EAA51105-6EA1-45F5-B82D-4C494DAFFA61}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{EB090AAB-4471-4575-8343-A9279E2135C3}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{EB97D4BF-3665-4B39-BE1A-DFB5B11F19F7}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{EC615FA8-6806-47C5-A716-5D16B2899A37}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{ED1F8FF3-A755-40EA-88B5-EB60EA476730}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{ED4D5903-5171-4C87-BDFC-B146119BADBC}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{EF9E2C44-3F5B-4A9E-9FBA-159794183BC1}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{F0999F12-5287-44BD-BD83-5F15262D33D2}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{F1C988C5-B622-4F4F-9756-61CC277BF5D9}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{F50099E8-6932-4D90-B554-048E9CB92FC2}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{F564A03E-30D2-4DC1-81EF-5C0E29FBDF19}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{F5D921C6-107C-466B-A22C-1240499CD216}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{F86E4EF9-1C07-473F-9415-56282320A577}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{FA1413EC-6768-4839-9F0E-E2EA695E3810}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{FA58A752-5929-4CAC-B76B-A21EE9EF08A4}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{FB37D674-387D-48B7-8478-646B6A35AADA}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{FBC3B364-6D67-4260-B8E6-DDFA6DE0FA58}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{FC55493E-16DE-450C-9F01-9B3C0C37028B}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{FCF02CED-5BC2-404E-9110-B028F96C91F5}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{FD107F2C-FCA7-4E55-BBB3-FC8C0075B26A}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{FDB132B7-A9CD-4CC3-B896-976175A6DB9C}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{FDC5606D-D1EC-4C3D-B6E2-08E55FACD04D}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{FE722394-7831-4947-A2C4-6430105D94A4}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{FF8D096B-5849-4BA3-80D4-C7875A4CCAF6}



~~~ FireFox

Emptied folder: C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\u02u633k.default\minidumps [89 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.12.2014 at 20:01:06.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---

FRST:
FRST Additions Logfile:
FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2014 01
Ran by **** at 2014-12-21 20:09:35
Running from C:\Users\****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Disabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

05 (HKLM-x32\...\NintendoVIP) (Version:  - )
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.8 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.2 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Adobe Support Advisor (HKLM-x32\...\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.6.1.20120504 - Adobe Systems Incorporated)
AI War: Fleet Command (HKLM-x32\...\Steam App 40400) (Version:  - Arcen Games)
AIX-V2_mappack_ITHH (HKLM-x32\...\AIX-V2_mappack_ITHH) (Version:  - )
Allied Intent Xtended 2.0 (HKLM-x32\...\Allied Intent Xtended) (Version: 2.0 - AIX Community)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Atom Zombie Smasher  (HKLM-x32\...\Steam App 55040) (Version:  - )
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - BestGameEver)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - )
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3418 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1817_38674 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.4125 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dcmsvc 1.0 (HKLM-x32\...\dcmsvc_is1) (Version:  - )
Death Rally (HKLM-x32\...\Steam App 108700) (Version:  - )
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version:  - )
Duden Rechtschreibtrainer (HKLM-x32\...\{BB550FD8-1DD8-412A-8BEE-659122E6115F}) (Version: 2.0.0 - Bibliographisches Institut GmbH, Mannheim)
Duden-Bibliothek (HKLM-x32\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.1.0 - Bibliographisches Institut GmbH)
Duty Calls (HKLM-x32\...\{0AEB967F-1D12-43C8-A59C-D93DA8EE4A4E}) (Version: 1.00.0000 - Duty Calls)
DVDFab 6.2.1.8 (31/12/2009) (HKLM-x32\...\DVDFab 6_is1) (Version:  - Fengtao Software Inc.)
FileZilla Client 3.7.3 (HKU\S-1-5-21-1129197167-488084488-3586192003-1002\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free Studio version 5.3.3 (HKLM-x32\...\Free Studio_is1) (Version:  - DVDVideoSoft Ltd.)
Free Video Call Recorder for Skype version 1.1.0.319 (HKLM-x32\...\Free Video Call Recorder for Skype_is1) (Version: 1.1.0.319 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.18.1128 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.18.1128 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
GoHa.RU World of Tanks skins (HKLM-x32\...\GohaRUWotSkins) (Version:  - )
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google SketchUp 8 (HKLM-x32\...\{5E2ABE05-B7AD-4D77-8A19-BDA0E4302190}) (Version: 3.0.11762 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.3.2710.138 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.111 - Google Inc.) Hidden
GPGNet (HKLM-x32\...\{C194D333-B84A-4BB7-B35E-060732D98DC4}) (Version: 1.0.0 - Gas Powered Games)
Hamachi 1.0.3.0 (HKLM-x32\...\Hamachi) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Iron Sky Invasion DEMO (HKLM-x32\...\Iron Sky Invasion DEMO) (Version: 1.2.0.0 - Reality Pump)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java(TM) 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
Java(TM) 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217000FF}) (Version: 7.0.0 - Oracle)
jazz  Screen Saver (HKLM-x32\...\jazz) (Version:  - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LEGO Star Wars (HKLM-x32\...\InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}) (Version: 1.00.0000 - Ihr Firmenname)
LEGO Star Wars (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
LEGO Star Wars II (HKLM-x32\...\InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}) (Version: 1.00.0000 - LucasArts)
LEGO Star Wars II (x32 Version: 1.00.0000 - LucasArts) Hidden
LEGO® Indiana Jones™ (HKLM-x32\...\InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}) (Version: 1.00.0000 - LucasArts)
LEGO® Indiana Jones™ (x32 Version: 1.00.0000 - LucasArts) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarioKart Screen Saver (HKLM-x32\...\MarioKart) (Version:  - )
Mathematik interaktiv (HKLM-x32\...\{D794373D-4197-4F77-AB73-5404A005E043}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
myMugle (HKLM-x32\...\myMugle3.0.0.0) (Version: 3.0.0.0 - Computer Business Solutions)
NC Launcher (GameForge) (HKLM-x32\...\NCLauncher_GameForge) (Version:  - NCsoft)
Netscape Navigator (9.0.0.6) (HKLM-x32\...\Netscape Navigator (9.0.0.6)) (Version: 9.0.0.6 (en-US) - Netscape)
Nintendo Desktop Manager (HKLM-x32\...\Nintendo Desktop Manager) (Version:  - )
NVIDIA 3D Vision Controller-Treiber 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.70 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
pängpong  Screen Saver (HKLM-x32\...\pängpong) (Version:  - )
PanoramaStudio 2.3 ((deinstallieren)) (HKLM\...\PanoramaStudio2) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PokemonColosseum.Screensaver (HKLM-x32\...\PokemonColosseum.Screensaver.scr) (Version:  - )
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6368 - Realtek Semiconductor Corp.)
Resonance (HKLM-x32\...\Steam App 212050) (Version:  - )
Roll (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version:  - )
RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version:  - )
Sanctum (HKLM-x32\...\Steam App 91600) (Version:  - )
SDFormatter (HKLM-x32\...\{A5355F15-F98B-4704-9BAE-E53B9FE48F48}) (Version: 3.1.0 - SD Association)
SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Smokin Guns (HKLM-x32\...\{88FB76D1-DE67-4646-95B4-A22E38C35D01}) (Version: 1.00.0000 - Smokin Guns)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Split/Second (HKLM-x32\...\{28526951-55EF-4901-A0CA-B9AC966D1DD1}) (Version: 1.00.0000 - Disney Interactive Studios)
Star Ruler (HKLM-x32\...\Steam App 70900) (Version:  - Blind Mind Studios)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stellarium 0.11.4 (HKLM\...\Stellarium_is1) (Version: 0.11.4 - Stellarium team)
Supreme Commander - Forged Alliance (HKLM-x32\...\{31D95937-B237-405D-920C-A3EF4E482395}) (Version: 1.00.0000 - Gas Powered Games)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-1129197167-488084488-3586192003-1002\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
TP-LINK TL-WN821N_WN822N Driver (HKLM-x32\...\{62FE0726-9652-4CD2-9F09-C769D8699C21}) (Version: 1.2.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.2.1 - TP-LINK)
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.2160.11 - TuneUp Software)
TuneUp Utilities 2012 (x32 Version: 12.0.2160.11 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.2160.11 - TuneUp Software) Hidden
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
Vektoris3D 2.0 (HKLM-x32\...\8458-4195-6614-3708) (Version:  - kapieren.de)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VVVVVV (HKLM-x32\...\Steam App 70300) (Version:  - )
Warner Bros. Digital Copy Manager (HKLM-x32\...\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1) (Version: 1.70 - Warner Bros. Entertainment Inc.)
Warner Bros. Digital Copy Manager (x32 Version: 1.70 - Warner Bros. Entertainment Inc.) Hidden
watchmi (HKLM-x32\...\{409DC300-28AF-468F-9624-1F3309701881}) (Version: 2.7.0 - Axel Springer Digital TV Guide GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wolfschanze II (1.0) (HKLM-x32\...\Wolfschanze II_is1) (Version:  - City Interactive)
World of Tanks - Common Test (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1) (Version:  - Wargaming.net)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1) (Version:  - Wargaming.net)
Worms Revolution (HKLM-x32\...\Steam App 200170) (Version:  - Team17 Digital Ltd.)
Worms World Party (HKLM-x32\...\{9A200E68-D5F4-4E70-910F-2871753A0E2B}) (Version:  - )
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1129197167-488084488-3586192003-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F05656D-F385-4C22-9C54-4BD093C01E7F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1101D87C-EE02-443E-9FA8-D4A5DBE89B58} - System32\Tasks\{DF87441B-901A-4C9C-BEE8-8E1740E8DCC3} => pcalua.exe -a C:\Users\****\Documents\Nintendo\Sessel.exe -d C:\Users\****\Documents\Nintendo
Task: {1EC898E4-3BCD-456C-9A1D-699582148F54} - System32\Tasks\{102CA60F-A628-48AA-8C6E-6D66D1610113} => pcalua.exe -a C:\Users\****\Downloads\paengpong_setup.exe(1)\pÑngpong_setup.exe -d C:\Users\****\Downloads\paengpong_setup.exe(1)
Task: {417760B4-88A4-4D55-85E5-B2A34D7AC74D} - System32\Tasks\{D9063DDC-A72F-41C1-AE2F-BD67CEFAA25D} => pcalua.exe -a E:\FSetup.exe -d E:\
Task: {46C520AD-60CF-454F-BE0D-CA6D8A232D97} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2011-12-14] (TuneUp Software)
Task: {4FA55A0B-BC99-438A-8565-5AA7C2CC7B4B} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {6BBCFEEF-06E2-447A-AAFD-62B61BA4E191} - System32\Tasks\{0CF9AD93-4FD2-4524-96C7-F7021D4B9B41} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {7F5E0D71-8580-43C8-A53B-0FE7FFFA8F4A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24] (Google Inc.)
Task: {85574A21-3EC5-4A06-B0F9-23C5E0577F70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24] (Google Inc.)
Task: {89EA375A-E418-4F16-B52A-4D68C4F2E356} - System32\Tasks\{9FC752EA-8051-4540-9DCF-9B6C18DAD82F} => pcalua.exe -a C:\Users\****\Downloads\pbsetup\pbsetup.exe -d C:\Users\****\Downloads\pbsetup
Task: {965613A8-82D5-4705-91AB-29657F9F6922} - System32\Tasks\{26680CC7-F8FD-49E8-8B7D-4ADDF52C0CE5} => pcalua.exe -a C:\Users\****\Documents\Nintendo\Kühlschrank.exe -d C:\Users\****\Documents\Nintendo
Task: {9C61A87B-8CEB-472B-BA16-2398F7339E03} - System32\Tasks\AdobeAAMUpdater-1.0-****-PC-**** => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)
Task: {D0252891-AC54-43BD-B4C4-84F6D8A4E9B9} - System32\Tasks\{DE306357-54F1-41CD-8157-E2F1570B3414} => pcalua.exe -a C:\Users\****\Downloads\paengpong_setup.exe\pÑngpong_setup.exe -d C:\Users\****\Downloads\paengpong_setup.exe
Task: {D3FF9BC7-927C-44C2-94FE-57BE2EB942BB} - System32\Tasks\{D3EB13DB-BF86-4F38-8EB5-929F23E959DE} => pcalua.exe -a E:\setup.exe -d E:\
Task: {E00AE1B3-FAF1-4095-A15E-AF1F8B26A2F2} - System32\Tasks\{A4CCCFAF-9061-4D8B-8E79-8BB64065EEA6} => pcalua.exe -a C:\Users\****\Documents\Nintendo\Aquarium.exe -d C:\Users\****\Documents\Nintendo
Task: {E5CF2C72-E541-47FE-A19D-24AB68A93C97} - System32\Tasks\{C8742CD0-2F83-4D15-87D4-964D1620FEFD} => pcalua.exe -a F:\Skyrim\installer\install.exe -d F:\Skyrim\installer
Task: {E8AF4C47-E6E2-4F92-A965-F282D52F63A9} - System32\Tasks\{33CE28B8-0475-4A56-8977-D29EEE9650E0} => pcalua.exe -a C:\Users\****\Documents\Nintendo\Tapete.exe -d C:\Users\****\Documents\Nintendo
Task: {EF1DDEA2-F6F3-409E-9932-3137B6A54BD2} - System32\Tasks\{AD84414D-1F52-4EB6-A62D-1E4D4E3EB336} => pcalua.exe -a C:\Users\****\Documents\Nintendo\Pflanze.exe -d C:\Users\****\Documents\Nintendo
Task: {F0E9BF3F-D414-4C4D-98E2-5D75CDC4E689} - System32\Tasks\{418866E9-B085-4BC6-B4AC-C9E2CC953512} => pcalua.exe -a C:\Users\****\Documents\Nintendo\Lavalampe.exe -d C:\Users\****\Documents\Nintendo
Task: {F2AE4B48-C4FB-46C8-B405-D44EE6E7EC33} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FEBB00FD-D9EA-4DDA-8CD0-C2B62FB1050D} - System32\Tasks\{3F3C461A-897B-491F-B1C5-EC4740CF6A34} => pcalua.exe -a C:\Users\****\Documents\Nintendo\Regal.exe -d C:\Users\****\Documents\Nintendo
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-18 18:27 - 2013-01-18 16:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-01-10 13:49 - 2011-01-10 13:49 - 00014848 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
2013-02-05 11:54 - 2013-04-05 17:11 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-17 21:39 - 2013-03-02 21:00 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll
2010-08-03 23:39 - 2010-08-03 23:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-03 23:39 - 2010-08-03 23:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-09-03 14:54 - 2013-09-03 14:54 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
2012-08-17 21:40 - 2012-08-17 21:40 - 00068024 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtWebKit\qmlwebkitplugin4.dll
2014-11-09 18:05 - 2014-11-09 18:05 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2011-08-11 21:01 - 2011-04-30 08:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-12-18 19:49 - 2014-12-18 19:49 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1129197167-488084488-3586192003-500 - Administrator - Disabled)
Gast (S-1-5-21-1129197167-488084488-3586192003-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1129197167-488084488-3586192003-1004 - Limited - Enabled)
**** (S-1-5-21-1129197167-488084488-3586192003-1002 - Administrator - Enabled) => C:\Users\****
UpdatusUser (S-1-5-21-1129197167-488084488-3586192003-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/21/2014 08:09:36 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (12/21/2014 08:09:36 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (12/21/2014 08:08:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-19 18:57:36.067
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-19 18:57:35.985
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-16 12:41:08.456
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-16 12:41:08.446
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-16 12:41:08.425
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-16 12:41:08.415
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-16 12:33:57.893
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-16 12:33:57.811
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 20:21:35.412
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 20:21:35.360
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 56%
Total physical RAM: 4077.64 MB
Available physical RAM: 1762.19 MB
Total Pagefile: 8153.46 MB
Available Pagefile: 5176.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1811.92 GB) (Free:489.86 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:25.47 GB) NTFS
Drive f: (HDDRIVE2GO) (Fixed) (Total:1863.01 GB) (Free:1052.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1811.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B377DBD9)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

Edit: Das oben ist ja nur die Addition... hier jetzt das richtige FRST-Log:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 01
Ran by **** (administrator) on ****-PC on 21-12-2014 20:08:23
Running from C:\Users\****\Desktop
Loaded Profile: **** (Available profiles: UpdatusUser & ****)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073352 2012-06-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\RunOnce: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
HKU\S-1-5-21-1129197167-488084488-3586192003-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1129197167-488084488-3586192003-1002\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-1129197167-488084488-3586192003-1002\...\MountPoints2: {27df2026-6f7f-11e2-bfff-001a4f48a136} - J:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-1129197167-488084488-3586192003-1002\...\MountPoints2: {762d96b1-aa79-11e2-b32c-8c89a57cd01b} - K:\ibs.exe
HKU\S-1-5-21-1129197167-488084488-3586192003-1002\...\MountPoints2: {dd71202c-2ef1-11e1-9ca8-742f68a87cfa} - F:\pushinst.exe
HKU\S-1-5-21-1129197167-488084488-3586192003-1002\...\MountPoints2: {e3987405-8ce7-11e3-b95c-8c89a57cd01b} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1129197167-488084488-3586192003-1002\...\MountPoints2: {eba747cc-2ec1-11e1-90a0-806e6f6e6963} - E:\install.EXE id= ver=1.0.0.0
IFEO\tvdtray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{409DC300-28AF-468F-9624-1F3309701881}\SHCT_TRAY_STARTUP_F1540F35F9254DF584F2487D88448402.exe (Acresso Software Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1129197167-488084488-3586192003-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\u02u633k.default
FF NewTab: 
FF SearchEngineOrder.1: 
FF SelectedSearchEngine: 
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: Hola Better Internet - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\u02u633k.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-12-18]
FF Extension: DownloadHelper - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\u02u633k.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-11]
FF Extension: ProxTube - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\u02u633k.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: ScrapBook - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\u02u633k.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-02-01]
FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\u02u633k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-18]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-09-25]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013-03-02]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013-03-02]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013-03-02]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2012-10-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-05] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2123584 2011-12-14] (TuneUp Software)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [759192 2013-09-03] (Tunngle.net GmbH) [File not signed]
S4 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2011-10-07] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-12-12] (TuneUp Software)
S0 nvpciflt; system32\DRIVERS\nvpciflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-21 20:08 - 2014-12-21 20:09 - 00022772 _____ () C:\Users\****\Desktop\FRST.txt
2014-12-21 20:08 - 2014-12-21 20:08 - 00000000 ____D () C:\Users\****\Desktop\FRST-OlderVersion
2014-12-21 20:01 - 2014-12-21 20:01 - 00020707 _____ () C:\Users\****\Desktop\JRT.txt
2014-12-21 19:29 - 2014-11-29 11:17 - 01707646 _____ (Thisisu) C:\Users\****\Desktop\JRT_NEW.exe
2014-12-21 19:21 - 2014-12-21 19:21 - 00000000 ____D () C:\Users\****\AppData\Local\Hola
2014-12-19 18:49 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-19 18:49 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-18 20:33 - 2014-12-18 20:33 - 00000000 ____D () C:\Windows\system32\config\HiveBackup
2014-12-18 19:49 - 2014-12-18 19:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-18 12:14 - 2014-12-18 12:14 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-18 12:09 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-18 12:09 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-18 12:09 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-18 12:09 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-18 12:09 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-18 12:09 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-18 12:09 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-18 12:09 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-18 12:09 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-18 12:09 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-18 11:54 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-18 11:54 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-18 11:54 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-18 11:54 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-18 11:54 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-18 11:54 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-18 11:54 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-18 11:54 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-18 11:54 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-18 11:54 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-18 11:54 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-18 11:54 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-18 11:54 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-18 11:54 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-18 11:54 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-18 11:54 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-18 11:54 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-18 11:54 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-18 11:54 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-18 11:54 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-18 11:54 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-18 11:54 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-18 11:54 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-18 11:54 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-18 11:54 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-18 11:54 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-18 11:54 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-18 11:54 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-18 11:54 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-18 11:54 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-18 11:54 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-18 11:54 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-18 11:54 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-18 11:54 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-18 11:54 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-18 11:54 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-18 11:54 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-18 11:54 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-18 11:54 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-18 11:54 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-18 11:54 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-18 11:54 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-18 11:54 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-18 11:54 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-18 11:54 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-18 11:54 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-18 11:54 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-18 11:54 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-18 11:54 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-18 11:54 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-18 11:54 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-18 11:54 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-18 11:54 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-18 11:54 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-18 11:54 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-18 11:54 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-18 11:53 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-18 11:53 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-18 11:53 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-18 11:53 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-18 11:53 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-18 11:53 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-18 11:53 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-18 11:53 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-18 11:53 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-18 11:52 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-18 11:52 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-18 11:52 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-18 11:52 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-18 11:52 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-18 11:52 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-18 11:52 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-18 11:52 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-18 11:52 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-18 11:52 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-18 11:52 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-18 11:52 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-18 11:52 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-18 11:52 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-03 16:55 - 2014-12-03 17:01 - 00000264 _____ () C:\Users\****\Desktop\Stud-Veranstaltungen.txt
2014-12-03 16:53 - 2014-12-03 16:53 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\qshslr.sys
2014-12-03 16:27 - 2014-12-03 16:27 - 00302704 _____ () C:\Windows\Minidump\120314-30108-01.dmp
2014-12-03 16:25 - 2014-12-03 16:25 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-03 16:25 - 2014-12-03 16:25 - 01050432 _____ () C:\Windows\system32\Drivers\aswsnx.sys.1417620355865
2014-12-03 16:25 - 2014-12-03 16:25 - 00436624 _____ () C:\Windows\system32\Drivers\aswSP.sys
2014-12-03 16:25 - 2014-12-03 16:25 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-03 16:25 - 2014-12-03 16:25 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-03 16:25 - 2014-12-03 16:25 - 00116728 _____ () C:\Windows\system32\Drivers\aswStm.sys
2014-12-03 16:25 - 2014-12-03 16:25 - 00093568 _____ () C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-03 16:25 - 2014-12-03 16:25 - 00083280 _____ () C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-03 16:25 - 2014-12-03 16:25 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-03 16:25 - 2014-12-03 16:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-03 16:25 - 2014-12-03 16:25 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-03 16:25 - 2014-12-03 16:25 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-03 16:20 - 2014-12-03 16:22 - 132469808 _____ (AVAST Software) C:\Users\****\Downloads\avast_free_antivirus_setup_10.2208.712.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-21 20:08 - 2014-01-03 11:51 - 00000000 ____D () C:\FRST
2014-12-21 20:08 - 2014-01-03 11:50 - 02122240 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2014-12-21 19:28 - 2009-07-14 05:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-21 19:28 - 2009-07-14 05:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-21 19:27 - 2011-12-24 23:36 - 02080029 _____ () C:\Windows\WindowsUpdate.log
2014-12-21 19:25 - 2011-05-16 15:04 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-12-21 19:25 - 2011-05-16 15:04 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-12-21 19:25 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-21 19:22 - 2013-03-02 20:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-21 19:19 - 2012-01-04 16:06 - 00252694 _____ () C:\Windows\PFRO.log
2014-12-21 19:19 - 2012-01-04 15:49 - 00234870 _____ () C:\Windows\setupact.log
2014-12-21 19:19 - 2011-09-05 23:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-21 19:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-21 19:17 - 2014-01-03 15:10 - 00000000 ____D () C:\AdwCleaner
2014-12-21 18:40 - 2011-12-26 03:26 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe
2014-12-21 18:27 - 2012-07-02 15:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 21:16 - 2011-12-25 16:06 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype
2014-12-18 12:14 - 2014-05-08 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-18 12:14 - 2013-08-20 16:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-18 12:14 - 2012-01-04 03:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-18 12:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-18 12:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-18 12:10 - 2011-07-18 21:31 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-18 11:36 - 2011-12-25 16:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-18 11:35 - 2012-04-04 23:18 - 00000008 __RSH () C:\Users\****\ntuser.pol
2014-12-18 11:35 - 2011-12-24 23:42 - 00000000 ____D () C:\Users\****
2014-12-17 09:47 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-03 16:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PLA
2014-12-03 16:33 - 2014-06-25 21:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-03 16:33 - 2014-06-25 21:46 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-03 16:27 - 2013-06-16 02:54 - 600654259 _____ () C:\Windows\MEMORY.DMP
2014-12-03 16:27 - 2013-06-16 02:54 - 00000000 ____D () C:\Windows\Minidump
2014-12-03 16:25 - 2012-07-01 12:58 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-03 16:25 - 2012-07-01 12:58 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-03 16:02 - 2012-03-31 10:34 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-03 16:02 - 2011-08-10 20:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 20:22 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-24 20:44 - 2013-06-12 17:34 - 00092160 ___SH () C:\Users\****\Thumbs.db
2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprpohrq.dll
C:\Users\****\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.432.exe
C:\Users\****\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.466.exe
C:\Users\****\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.487.exe
C:\Users\****\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.554.exe
C:\Users\****\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.575.exe
C:\Users\****\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.806.exe
C:\Users\****\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.855.exe
C:\Users\****\AppData\Local\Temp\Quarantine.exe
C:\Users\****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\****\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 17:26

==================== End Of Log ============================

--- --- ---

--- --- ---

Startup Repair schlägt fehl

Plagegeister aller Art und deren Bekämpfung: Startup Repair schlägt fehl