
Log analysis and evaluation: ESET Smart Security no longer works because of EKR.exe error

Windows 7

22.01.2015, 17:04   #1
bellachen56
 

Hello dear forum team,

I have already read up on the web, on the site of, about what can be done when ESET no longer works, and I have also printed out the necessary steps.

Unfortunately I still cannot delete the remaining leftovers of ESET from my computer.

In the meantime, after I had noticed at all that the software no longer works, I downloaded avast and think that my computer is optimally protected by it, but I would still be interested in why ESET, for which I had a still valid full version, no longer works.

I am also not much of an expert, and above all my English is lacking. I have also described my problem to ESET but unfortunately have not yet received an answer.

I hope you can help me further.

Regards
Ilona

22.01.2015, 17:12   #2
schrauber
/// the machine
/// TB instructor
 


hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input box of the web page)


22.01.2015, 18:11   #3
bellachen56
 

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by ilona (administrator) on ILONA-PC on 22-01-2015 17:38:00
Running from C:\Users\ilona\Downloads
Loaded Profiles: ilona & UpdatusUser &  (Available profiles: ilona & UpdatusUser & Robin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(1&1 Mail & Media GmbH) C:\Users\ilona\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Dropbox, Inc.) C:\Anwendungsdaten\Dropbox\bin\Dropbox.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774040 2014-12-21] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-10-13] (Geek Software GmbH)
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [2096192 2014-11-17] (1und1 Mail und Media GmbH)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-18] (AVAST Software)
HKU\S-1-5-21-257635416-103086523-1945266447-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-12-19] (TomTom)
HKU\S-1-5-21-257635416-103086523-1945266447-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-257635416-103086523-1945266447-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-01-19] (Glarysoft Ltd)
HKU\S-1-5-21-257635416-103086523-1945266447-1000\...\Run: [GMX Application {sync-000021}] => C:\Users\ilona\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe [777216 2014-12-03] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-257635416-103086523-1945266447-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-257635416-103086523-1945266447-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-257635416-103086523-1945266447-1000\...\MountPoints2: K - K:\AutoRun.exe
HKU\S-1-5-21-257635416-103086523-1945266447-1000\...\MountPoints2: {62cc26a2-afa0-11e1-9348-002268469609} - K:\LaunchU3.exe -a
HKU\S-1-5-21-257635416-103086523-1945266447-1000\...\MountPoints2: {fab7f4b6-83e3-11e1-bb88-002268469609} - J:\pushinst.exe
HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-12-19] (TomTom)
HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-01-19] (Glarysoft Ltd)
HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GMX Application {sync-000021}] => C:\Users\ilona\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe [777216 2014-12-03] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: K - K:\AutoRun.exe
HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {62cc26a2-afa0-11e1-9348-002268469609} - K:\LaunchU3.exe -a
HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {fab7f4b6-83e3-11e1-bb88-002268469609} - J:\pushinst.exe
HKU\S-1-5-21-257635416-103086523-1945266447-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_F4AAF779939494B008FEE98AC5BB7F41] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-09] (Google Inc.)
HKU\S-1-5-21-257635416-103086523-1945266447-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {62cc26a2-afa0-11e1-9348-002268469609} - K:\LaunchU3.exe -a
Startup: C:\Users\ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20141210132119457.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20141210132119457.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20141210132119457.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20141210132119457.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20141210132119457.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20141210132119457.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20141210132119457.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20141210132119457.dll (1&1 Mail & Media GmbH)
BootExecute: autocheck autochk *  
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-257635416-103086523-1945266447-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-257635416-103086523-1945266447-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.gmx.net/tab2
HKU\S-1-5-21-257635416-103086523-1945266447-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-257635416-103086523-1945266447-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-257635416-103086523-1945266447-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.gmx.net/tab2
HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-257635416-103086523-1945266447-1000 -> {3067951F-5D19-4AF9-AD75-925287A9C0A1} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-257635416-103086523-1945266447-1000 -> {51D91A78-2A7D-492C-96BE-8B0D25F32D60} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-257635416-103086523-1945266447-1000 -> {582A7B67-A9C2-40A7-B1BD-452E2890DEE8} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-257635416-103086523-1945266447-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-257635416-103086523-1945266447-1000 -> {F3FC454A-D68A-453F-B057-6A13F963486E} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {3067951F-5D19-4AF9-AD75-925287A9C0A1} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {51D91A78-2A7D-492C-96BE-8B0D25F32D60} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {582A7B67-A9C2-40A7-B1BD-452E2890DEE8} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {F3FC454A-D68A-453F-B057-6A13F963486E} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} ->  No File
BHO-x32: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKU\S-1-5-21-257635416-103086523-1945266447-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-257635416-103086523-1945266447-1000 -> GMX MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-257635416-103086523-1945266447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> GMX MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_280.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_280.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-12-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-18]

Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "https://www.google.com/calendar/render?hl=de&pli=1&gsessionid=faqnnU3y23E9O6qXF4E2jw"
CHR Profile: C:\Users\ilona\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-21]
CHR Extension: (TV) - C:\Users\ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2014-09-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-22]
CHR Extension: (YouTube) - C:\Users\ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-21]
CHR Extension: (Google-Suche) - C:\Users\ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-21]
CHR Extension: (Trusted Shops-Erweiterung für Google Chrome) - C:\Users\ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcpnemckonbbmnoakbjgjkgokkbaeo [2014-09-21]
CHR Extension: (Google Science Fair 2012) - C:\Users\ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjibekncdookhijmkplhapjcfnglelcn [2014-09-21]
CHR Extension: (AdBlock) - C:\Users\ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-21]
CHR Extension: (Avast Online Security) - C:\Users\ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-18]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-09-21]
CHR Extension: (TLRemove) - C:\Users\ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\hneieddeibpcngeljjkdpcajfcgelalk [2014-09-21]
CHR Extension: (Online Radio) - C:\Users\ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\njjehckjnpdbbgohkdfdkpcopfgjaddg [2014-09-21]
CHR Extension: (Google Wallet) - C:\Users\ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-21]
CHR Extension: (Google Calendar Checker (by Google)) - C:\Users\ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek [2014-09-21]
CHR Extension: (Google Mail) - C:\Users\ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-18]
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\ilona\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2015-01-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-18] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-18] (Avast Software)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 eins1400; C:\Windows\system32\rundll32.exe C:\Windows\eins1400.dll,RDServiceStart eins1400 "C:\Windows\TEMP\inx3756.tmp"
S2 SpyHunter 4 Service; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-18] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-04] (AVM Berlin)
R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2015-01-18] (ESET)
S3 esgiguard; No ImagePath
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-26] (Glarysoft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-24] (REALiX(tm))
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv_AMD64.sys [17280 2013-10-21] (Scott)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-18] (Avast Software)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 17:38 - 2015-01-22 17:39 - 00027843 _____ () C:\Users\ilona\Downloads\FRST.txt
2015-01-22 17:37 - 2015-01-22 17:38 - 00000000 ____D () C:\FRST
2015-01-22 17:36 - 2015-01-22 17:37 - 02126848 _____ (Farbar) C:\Users\ilona\Downloads\FRST64.exe
2015-01-22 17:13 - 2015-01-22 17:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-22 17:13 - 2015-01-22 17:13 - 00001107 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-22 17:13 - 2015-01-22 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-22 17:13 - 2015-01-22 17:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-22 17:13 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-22 17:13 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-22 17:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-22 17:11 - 2015-01-22 17:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\ilona\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-22 16:20 - 2015-01-22 16:20 - 14892720 _____ () C:\Users\ilona\Downloads\gup5setup.exe
2015-01-22 13:20 - 2015-01-22 13:21 - 00000197 _____ () C:\Windows\system32\2015-01-22-12-20-39.033-AvastVBoxSVC.exe-3184.log
2015-01-21 10:47 - 2015-01-21 10:47 - 00000197 _____ () C:\Windows\system32\2015-01-21-09-47-17.056-AvastVBoxSVC.exe-3012.log
2015-01-20 17:14 - 2015-01-20 17:14 - 00000197 _____ () C:\Windows\system32\2015-01-20-16-14-16.081-AvastVBoxSVC.exe-3100.log
2015-01-20 17:13 - 2015-01-22 13:20 - 00000168 _____ () C:\Windows\setupact.log
2015-01-20 17:13 - 2015-01-20 17:13 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-20 17:12 - 2015-01-20 17:12 - 00003296 ____N () C:\bootsqm.dat
2015-01-19 11:22 - 2015-01-19 11:22 - 00000197 _____ () C:\Windows\system32\2015-01-19-10-22-27.057-AvastVBoxSVC.exe-3296.log
2015-01-18 16:37 - 2015-01-18 16:38 - 00000000 ____D () C:\Users\ilona\Documents\CCEnhancer-4.2-mulitlingual (1)
2015-01-18 16:35 - 2015-01-18 16:35 - 00199270 _____ () C:\Users\ilona\Downloads\CCEnhancer-4.2-mulitlingual (1).zip
2015-01-18 16:33 - 2015-01-18 16:33 - 00002200 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-01-18 16:33 - 2015-01-18 16:33 - 00002194 _____ () C:\Users\Public\Desktop\WinZip.lnk
2015-01-18 16:33 - 2015-01-18 16:33 - 00000000 ____D () C:\Users\ilona\AppData\Local\WinZip
2015-01-18 16:33 - 2015-01-18 16:33 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-18 16:33 - 2015-01-18 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-01-18 16:33 - 2015-01-18 16:33 - 00000000 ____D () C:\Program Files\WinZip
2015-01-18 16:31 - 2015-01-18 16:32 - 62967296 _____ () C:\Users\ilona\Downloads\wz190gev-64.msi
2015-01-18 16:14 - 2015-01-18 16:14 - 00199270 _____ () C:\Users\ilona\Downloads\CCEnhancer-4.2-mulitlingual.zip
2015-01-18 15:56 - 2015-01-18 15:56 - 00000197 _____ () C:\Windows\system32\2015-01-18-14-56-49.088-AvastVBoxSVC.exe-3968.log
2015-01-18 14:05 - 2015-01-18 14:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\ilona\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-18 14:01 - 2015-01-18 14:02 - 00000247 _____ () C:\Windows\system32\2015-01-18-13-01-40.033-aswFe.exe-5320.log
2015-01-18 13:56 - 2015-01-18 14:01 - 00000247 _____ () C:\Windows\system32\2015-01-18-12-56-38.040-aswFe.exe-6288.log
2015-01-18 13:56 - 2015-01-18 13:56 - 00000197 _____ () C:\Windows\system32\2015-01-18-12-56-31.065-AvastVBoxSVC.exe-5440.log
2015-01-18 13:50 - 2015-01-18 13:50 - 00003274 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-257635416-103086523-1945266447-1000
2015-01-18 13:47 - 2015-01-18 13:48 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-01-18 13:47 - 2015-01-18 13:48 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-18 13:44 - 2015-01-18 13:44 - 00001969 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-18 13:44 - 2015-01-18 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-18 13:43 - 2015-01-19 11:22 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-18 13:43 - 2015-01-18 13:44 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-18 13:43 - 2015-01-18 13:44 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-18 13:43 - 2015-01-18 13:43 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-18 13:43 - 2015-01-18 13:43 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-18 13:43 - 2015-01-18 13:43 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-18 13:43 - 2015-01-18 13:43 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-18 13:43 - 2015-01-18 13:43 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-18 13:43 - 2015-01-18 13:43 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-18 13:43 - 2015-01-18 13:43 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-18 13:42 - 2015-01-18 13:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-18 13:41 - 2015-01-18 13:41 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-18 13:40 - 2015-01-18 13:41 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-18 13:37 - 2015-01-18 13:40 - 132469808 _____ (AVAST Software) C:\Users\ilona\Downloads\avast_free_antivirus_setup.exe
2015-01-18 11:40 - 2015-01-18 11:40 - 00671432 _____ (ESET) C:\Users\ilona\Desktop\ESETUninstaller (1).exe
2015-01-18 11:35 - 2015-01-18 12:26 - 00004926 _____ () C:\Users\ilona\Downloads\~ESETUninstaller.log
2015-01-18 11:21 - 2015-01-18 16:36 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-18 11:21 - 2015-01-18 11:21 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-18 11:21 - 2015-01-18 11:21 - 00000827 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-18 11:21 - 2015-01-18 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-18 10:59 - 2015-01-18 10:59 - 00001232 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2015-01-18 10:59 - 2015-01-18 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2015-01-18 10:59 - 2015-01-18 10:59 - 00000000 ____D () C:\Program Files (x86)\Wise
2015-01-18 10:56 - 2015-01-18 10:56 - 02138744 _____ (WiseCleaner.com ) C:\Users\ilona\Downloads\WRCFree_CB-DL-Manager [1].exe
2015-01-18 10:56 - 2015-01-18 10:56 - 00823792 _____ ( ) C:\Users\ilona\Downloads\WRCFree_CB-DL-Manager.exe
2015-01-18 10:37 - 2015-01-18 10:37 - 03894696 _____ (solvusoft Corporation ) C:\Users\ilona\Downloads\Ekrn.exe-Reparaturprogramm-WinThruster.exe
2015-01-18 10:33 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe
2015-01-18 10:19 - 2015-01-18 10:19 - 00070936 _____ () C:\Users\tyltsebbx\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-18 10:18 - 2015-01-18 10:18 - 00001426 _____ () C:\Users\tyltsebbx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-18 10:17 - 2015-01-18 10:17 - 00000020 ___SH () C:\Users\tyltsebbx\ntuser.ini
2015-01-18 10:17 - 2015-01-18 10:17 - 00000000 _SHDL () C:\Users\tyltsebbx\Vorlagen
2015-01-18 10:17 - 2015-01-18 10:17 - 00000000 _SHDL () C:\Users\tyltsebbx\Startmenü
2015-01-18 10:17 - 2015-01-18 10:17 - 00000000 _SHDL () C:\Users\tyltsebbx\Netzwerkumgebung
2015-01-18 10:17 - 2015-01-18 10:17 - 00000000 _SHDL () C:\Users\tyltsebbx\Lokale Einstellungen
2015-01-18 10:17 - 2015-01-18 10:17 - 00000000 _SHDL () C:\Users\tyltsebbx\Eigene Dateien
2015-01-18 10:17 - 2015-01-18 10:17 - 00000000 _SHDL () C:\Users\tyltsebbx\Druckumgebung
2015-01-18 10:17 - 2015-01-18 10:17 - 00000000 _SHDL () C:\Users\tyltsebbx\Documents\Eigene Musik
2015-01-18 10:17 - 2015-01-18 10:17 - 00000000 _SHDL () C:\Users\tyltsebbx\Documents\Eigene Bilder
2015-01-18 10:17 - 2015-01-18 10:17 - 00000000 _SHDL () C:\Users\tyltsebbx\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-18 10:17 - 2015-01-18 10:17 - 00000000 _SHDL () C:\Users\tyltsebbx\AppData\Local\Verlauf
2015-01-18 10:17 - 2015-01-18 10:17 - 00000000 _SHDL () C:\Users\tyltsebbx\AppData\Local\Anwendungsdaten
2015-01-18 10:17 - 2015-01-18 10:17 - 00000000 _SHDL () C:\Users\tyltsebbx\Anwendungsdaten
2015-01-18 10:16 - 2015-01-18 10:18 - 00000000 ____D () C:\Users\tyltsebbx
2015-01-18 10:16 - 2012-11-08 13:34 - 00002125 _____ () C:\Users\tyltsebbx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2015-01-18 10:16 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\tyltsebbx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-18 10:16 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\tyltsebbx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-18 09:26 - 2015-01-18 12:42 - 00170280 _____ (ESET) C:\Windows\system32\Drivers\ESETCleanersDriver.sys
2015-01-14 16:01 - 2014-10-10 12:58 - 06821496 _____ (TomTom International B.V.) C:\Users\ilona\Downloads\InstallMyDriveConnect_3_3_0_1812.exe
2015-01-09 16:19 - 2015-01-09 16:20 - 14878624 _____ () C:\Users\ilona\Downloads\gup5setup (1).exe
2015-01-04 16:14 - 2015-01-04 16:14 - 00000000 ____D () C:\Users\ilona\Downloads\Christine und Familie
2015-01-04 14:15 - 2015-01-22 16:26 - 00000000 ____D () C:\Users\ilona\Andy
2015-01-04 14:15 - 2015-01-04 15:08 - 00039575 _____ () C:\Users\ilona\Andy.log
2015-01-04 14:14 - 2015-01-04 14:14 - 00000000 ____D () C:\Program Files\Oracle
2015-01-03 19:34 - 2014-10-11 13:29 - 00917112 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-01-03 19:34 - 2014-10-11 13:27 - 00129168 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-01-03 19:31 - 2015-01-03 19:31 - 00528520 _____ (andyroid.net) C:\Users\ilona\Downloads\Andy_v41_20 (4).exe
2015-01-03 18:53 - 2015-01-22 16:26 - 00000000 ____D () C:\Users\ilona\AppData\Local\Tempd1c57d15a3e0bec35f4ba5710166089b_
2015-01-03 18:53 - 2015-01-03 18:53 - 00000000 ____D () C:\Users\ilona\ChromeExtensions
2015-01-03 18:53 - 2015-01-03 18:53 - 00000000 ____D () C:\Users\ilona\AppData\Local\Temp7545a787ba9987ddd03f06f4974235ad
2015-01-03 18:38 - 2015-01-22 16:26 - 00000000 ____D () C:\Users\ilona\AppData\Local\Deutsche Telekom AG
2015-01-03 18:38 - 2015-01-03 18:38 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7
2015-01-03 17:58 - 2015-01-22 16:26 - 00000000 ____D () C:\Users\ilona\AppData\Local\Tempd1c57d15a3e0bec35f4ba5710166089b
2015-01-03 17:58 - 2015-01-03 18:53 - 00000185 _____ () C:\Users\ilona\Desktop\Amazon.de.url
2015-01-03 16:44 - 2015-01-04 14:24 - 00000000 ____D () C:\Users\ilona\.VirtualBox
2015-01-03 16:44 - 2015-01-04 14:15 - 00000000 ____D () C:\Users\ilona\VirtualBox VMs
2015-01-03 16:44 - 2015-01-03 16:44 - 00000000 ____D () C:\Users\ilona\.android
2015-01-03 15:41 - 2015-01-10 01:12 - 00000000 ____D () C:\Program Files\Andy
2015-01-02 18:37 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-02 18:37 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-02 11:25 - 2015-01-19 17:24 - 00000414 _____ () C:\Windows\Tasks\GlaryOneClickOptimizer 5.job
2015-01-02 11:25 - 2015-01-02 11:25 - 00003214 _____ () C:\Windows\System32\Tasks\GlaryOneClickOptimizer 5
2014-12-25 10:48 - 2014-12-25 10:48 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 10:42 - 2014-12-25 10:42 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-24 14:56 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-24 14:56 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-24 09:46 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-24 09:46 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-24 09:46 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-24 09:46 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-24 09:46 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-24 09:46 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-24 09:46 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-24 09:46 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-24 09:46 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-24 09:46 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-24 09:46 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-24 09:46 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-24 09:46 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-24 09:46 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-24 09:46 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-24 09:46 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-24 09:46 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-24 09:46 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-24 09:46 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-24 09:46 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-24 09:46 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-24 09:46 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-24 09:46 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-24 09:46 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-24 09:46 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-24 09:46 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-24 09:46 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-24 09:46 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-24 09:46 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-24 09:46 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-24 09:46 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-24 09:46 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-24 09:46 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-24 09:46 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-24 09:46 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-24 09:46 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-24 09:46 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-24 09:46 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-24 09:46 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-24 09:46 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-24 09:46 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-24 09:46 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-24 09:46 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-24 09:46 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-24 09:46 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-24 09:46 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-24 09:46 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-24 09:46 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-24 09:46 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-24 09:46 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-24 09:46 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-24 09:46 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-24 09:46 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-24 09:46 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-24 09:46 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-24 09:45 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-24 09:45 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-24 09:45 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-24 09:45 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-24 09:45 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-24 09:45 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-24 09:45 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-24 09:45 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-24 09:45 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-24 09:45 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-24 09:44 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-24 09:44 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-24 09:44 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-24 09:44 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-24 09:44 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-24 09:44 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-24 09:44 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-24 09:44 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-24 09:44 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-24 09:44 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-24 09:44 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-24 09:44 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-24 09:44 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-24 09:44 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-24 09:37 - 2014-12-24 09:37 - 00002886 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_ilona
2014-12-24 09:36 - 2014-12-24 09:36 - 00026528 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 17:32 - 2012-09-24 11:27 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0079480B-B15A-4DB3-BE5C-0F92C60D3596}
2015-01-22 17:20 - 2013-11-24 09:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-22 16:41 - 2014-09-21 16:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 16:26 - 2014-12-12 15:45 - 00000000 ____D () C:\Users\ilona\AppData\Local\Apps\2.0
2015-01-22 16:26 - 2014-12-10 13:21 - 00000000 ____D () C:\Users\ilona\GMX MediaCenter
2015-01-22 16:26 - 2014-12-10 13:21 - 00000000 ____D () C:\Users\ilona\AppData\Local\GMX Application {sync-000021}
2015-01-22 16:26 - 2014-08-08 15:01 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-01-22 16:26 - 2014-07-12 12:56 - 00000000 ____D () C:\Users\ilona\.gimp-2.8
2015-01-22 16:26 - 2013-11-20 22:59 - 00000000 ___RD () C:\Users\ilona\Dropbox
2015-01-22 16:26 - 2013-06-19 10:01 - 00000000 ____D () C:\ProgramData\IObit
2015-01-22 16:26 - 2013-06-19 10:00 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-22 16:26 - 2013-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-22 16:26 - 2013-01-01 13:28 - 00000000 ____D () C:\Anwendungsdaten
2015-01-22 16:26 - 2012-10-26 15:46 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-22 16:26 - 2012-09-02 22:10 - 00000000 ____D () C:\Program Files (x86)\SRWare Iron
2015-01-22 16:26 - 2012-08-08 16:13 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-01-22 16:26 - 2012-07-08 08:05 - 00000000 ____D () C:\Users\ilona\Documents\My Digital Editions
2015-01-22 16:26 - 2012-05-10 15:38 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-01-22 16:26 - 2012-04-18 15:48 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-01-22 16:26 - 2012-04-14 18:13 - 00000000 ____D () C:\Users\ilona\AppData\Local\Mozilla
2015-01-22 16:26 - 2012-04-12 11:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-22 16:26 - 2012-04-12 00:46 - 00000000 ____D () C:\Hotfix
2015-01-22 16:26 - 2012-04-12 00:31 - 00000000 ____D () C:\Windows.old
2015-01-22 16:26 - 2012-04-11 19:05 - 00000000 ____D () C:\Users\ilona\AppData\Local\Google
2015-01-22 16:26 - 2012-04-11 15:41 - 00000000 ____D () C:\Users\ilona
2015-01-22 16:26 - 2012-02-20 16:09 - 00000000 ____D () C:\Users\ilona\Documents\Eigene PaperPort-Dokumente
2015-01-22 16:26 - 2012-01-25 17:42 - 00000000 ____D () C:\Users\ilona\.gimp-2.6
2015-01-22 16:26 - 2011-08-31 15:32 - 00000000 ____D () C:\Adipositas
2015-01-22 16:26 - 2011-08-31 15:21 - 00000000 ____D () C:\Eigene Musik
2015-01-22 16:26 - 2011-06-18 15:46 - 00000000 ____D () C:\Users\ilona\Documents\ChessBase
2015-01-22 16:26 - 2010-09-09 03:35 - 00000000 ___HD () C:\OEM
2015-01-22 16:26 - 2010-02-08 11:18 - 00000000 ____D () C:\Users\ilona\Documents\iMacros
2015-01-22 16:26 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-22 16:26 - 2008-12-02 11:55 - 00000000 ____D () C:\ACER
2015-01-22 16:26 - 2008-02-06 09:38 - 00000000 ____D () C:\Users\ilona\.gimp-2.4
2015-01-22 16:21 - 2014-09-05 08:01 - 00002972 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2015-01-22 16:21 - 2014-09-05 08:01 - 00002630 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2015-01-22 16:21 - 2014-09-05 08:01 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-01-22 16:21 - 2014-09-05 08:01 - 00001085 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-01-22 16:21 - 2014-09-05 08:01 - 00000334 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-01-22 16:21 - 2014-09-05 08:01 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-01-22 14:41 - 2014-09-21 16:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 13:29 - 2009-07-14 05:45 - 00032336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-22 13:29 - 2009-07-14 05:45 - 00032336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-22 13:20 - 2012-08-02 16:25 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-22 13:20 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 19:31 - 2008-02-22 16:41 - 00029184 _____ () C:\Users\ilona\Desktop\Haushalt Horvat.xls
2015-01-19 11:32 - 2014-11-03 18:32 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2015-01-19 11:20 - 2009-07-14 05:45 - 00317424 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-18 16:21 - 2012-04-11 16:24 - 00070936 _____ () C:\Users\ilona\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-18 16:12 - 2013-04-17 10:54 - 00595968 ___SH () C:\Users\ilona\Desktop\Thumbs.db
2015-01-18 15:53 - 2010-11-21 08:16 - 00000000 ____D () C:\Windows\ShellNew
2015-01-18 14:06 - 2013-11-24 18:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-18 13:50 - 2014-06-26 12:03 - 00001396 _____ () C:\Users\ilona\Desktop\Internet Explorer.lnk
2015-01-18 10:58 - 2013-06-19 10:41 - 00000000 ____D () C:\ProgramData\Ashampoo
2015-01-17 17:33 - 2012-08-08 16:21 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-16 13:42 - 2014-09-21 16:25 - 00002180 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-14 16:20 - 2014-11-26 09:20 - 18127536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-14 16:20 - 2013-11-24 09:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 16:20 - 2013-11-24 09:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 16:20 - 2013-11-24 09:38 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 16:01 - 2014-06-17 18:31 - 00000000 ____D () C:\Program Files (x86)\MyDrive Connect
2015-01-14 15:01 - 2014-06-17 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-01-14 15:01 - 2014-06-17 11:38 - 00000000 ____D () C:\Program Files (x86)\TomTom HOME 2
2015-01-14 14:57 - 2013-06-29 08:46 - 00000000 ____D () C:\Users\ilona\AppData\Local\Downloaded Installations
2015-01-10 01:12 - 2014-09-05 08:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-01-10 01:12 - 2013-11-28 09:58 - 00000000 ____D () C:\Users\Robin
2015-01-10 01:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-03 19:26 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-03 17:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-02 19:40 - 2014-12-12 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMX MailCheck
2015-01-02 19:40 - 2014-11-03 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-01-02 19:40 - 2014-11-03 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-01-02 19:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-02 18:32 - 2013-11-23 20:00 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-02 18:07 - 2014-03-26 09:26 - 00002854 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (ilona)
2014-12-25 10:42 - 2014-05-06 19:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-25 10:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-24 15:03 - 2013-08-14 20:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-24 14:57 - 2012-04-11 16:32 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======
2014-06-19 07:56 - 2014-06-19 07:56 - 0000024 _____ () C:\Anwendungsdaten\temp.ini
2013-07-31 13:46 - 2013-09-10 07:46 - 0000093 _____ () C:\Anwendungsdaten\WB.CFG
2013-07-31 13:46 - 2013-07-31 13:46 - 0000005 _____ () C:\Anwendungsdaten\WBPU-TTL.DAT
2014-07-12 12:59 - 2014-07-12 12:59 - 0000900 _____ () C:\Users\ilona\AppData\Local\recently-used.xbel
2012-07-12 08:01 - 2012-07-12 08:01 - 0000003 _____ () C:\Users\ilona\AppData\Local\updater.log
2012-07-12 08:01 - 2014-06-03 17:41 - 0000669 _____ () C:\Users\ilona\AppData\Local\UserProducts.xml
2013-12-11 10:41 - 2013-12-11 10:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-05-12 09:09 - 2013-05-12 17:52 - 0000285 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Files to move or delete:
====================
C:\Users\ilona\Schlecker_Fotoservice.exe


Some content of TEMP:
====================
C:\Users\ilona\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9vlipe.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-18 08:29

==================== End Of Log ============================
         
--- --- ---


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by ilona at 2015-01-22 17:39:56
Running from C:\Users\ilona\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 7.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: ESET Smart Security 7.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Disabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.280 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Andy OS (HKLM-x32\...\Andy OS) (Version: 0.41 - Andy OS, Inc)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Box Sync (x32 Version: 4.0.5116.0 - Box Inc.) Hidden
calibre 64bit (HKLM\...\{C30715AA-E41F-4B8E-BA9E-4C455FB22DD4}) (Version: 2.4.0 - Kovid Goyal)
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version: - )
Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version: - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deutsche Post E-Porto (HKLM-x32\...\{98595F74-7670-4CC6-810F-57AFA47222B0}) (Version: 2.3.0 - Deutsche Post AG)
Dropbox (HKU\S-1-5-21-257635416-103086523-1945266447-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glary Utilities PRO 5.17 (HKLM-x32\...\Glary Utilities 5) (Version: 5.17.0.30 - Glarysoft Ltd)
GMX Desktop Icons (HKLM-x32\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
GMX MailCheck für Internet Explorer (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.0.4 - 1&1 Mail & Media GmbH)
GMX MediaCenter 1.9.3733.0 (HKU\S-1-5-21-257635416-103086523-1945266447-1000\...\GMX Application {sync-000021}) (Version: 1.9.3733.0 - 1&1 Mail & Media GmbH)
GMX Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Primary Interop Assemblies (HKLM-x32\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-257635416-103086523-1945266447-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Qtrax Player (HKLM-x32\...\{7369E9D9-B12E-4C2D-A4EA-A9D7F3B6B9DF}) (Version: 01.001.0001 - Qtrax)
Qtrax Player (HKU\S-1-5-21-257635416-103086523-1945266447-1000\...\844419445.portal.qtrax.com) (Version: - portal.qtrax.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
SKIP-BO Castaway Caper (HKLM-x32\...\SKIP-BO Castaway Caper) (Version: 1.00 - phenomedia publishing gmbh)
SRWare Iron Version SRWare Iron 21.0.1200.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 21.0.1200.0 - SRWare)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
TVCenter (HKLM\...\{18F703C3-32EC-4E5C-BC3C-C1BD72D35F5B}) (Version: 6.4.1.858 - PCTV Systems)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )
Wise Registry Cleaner 8.31 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.31 - WiseCleaner.com, Inc.)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-257635416-103086523-1945266447-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257635416-103086523-1945266447-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\ilona\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-257635416-103086523-1945266447-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\ilona\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-257635416-103086523-1945266447-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\ilona\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-257635416-103086523-1945266447-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\ilona\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-257635416-103086523-1945266447-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\ilona\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-257635416-103086523-1945266447-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Anwendungsdaten\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257635416-103086523-1945266447-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Anwendungsdaten\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257635416-103086523-1945266447-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Anwendungsdaten\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257635416-103086523-1945266447-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Anwendungsdaten\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257635416-103086523-1945266447-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Anwendungsdaten\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257635416-103086523-1945266447-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Anwendungsdaten\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257635416-103086523-1945266447-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Anwendungsdaten\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257635416-103086523-1945266447-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Anwendungsdaten\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

09-09-2014 17:25:22 Windows Update
10-09-2014 17:11:36 Windows Update
16-09-2014 08:37:28 Windows Update
19-09-2014 08:43:54 Windows Update
19-09-2014 09:42:43 Driver Booster : NVIDIA GeForce GTS 250
21-09-2014 16:18:51 Removed Java 8 Update 11 (64-bit)
21-09-2014 16:22:52 Removed Samsung Kies
23-09-2014 17:07:11 Windows Update
24-09-2014 18:21:59 Windows Update
30-09-2014 06:32:50 Installed calibre 64bit
01-10-2014 06:41:12 Windows Update
01-10-2014 15:52:04 Windows Update
08-10-2014 06:50:53 Windows Update
15-10-2014 08:28:36 Windows Update
15-10-2014 12:02:30 Windows Update
21-10-2014 14:06:47 Windows Update
26-10-2014 11:33:19 Driver Booster : Adobe Flash Player ActiveX
28-10-2014 13:16:15 Windows Update
29-10-2014 09:04:39 Removed Skype Click to Call
02-11-2014 09:51:30 WinZip 18.5 wird entfernt
02-11-2014 09:53:08 Installed WinZip 19.0
04-11-2014 15:42:27 Windows Update
11-11-2014 17:36:25 Windows Update
13-11-2014 20:09:36 Windows Update
18-11-2014 08:50:14 Windows Update
19-11-2014 19:56:43 Windows Update
21-11-2014 19:27:38 Installed Samsung Kies3
21-11-2014 19:35:38 Windows Update
26-11-2014 08:23:38 Windows Update
01-12-2014 22:09:56 Removed WinZip 19.0
01-12-2014 22:14:16 Removed WinZip 19.0
02-12-2014 13:44:30 Windows Update
08-12-2014 16:10:09 Removed WinZip 19.0
08-12-2014 16:10:59 Removed WinZip 19.0
08-12-2014 16:13:40 WinZip 19.0 wird installiert
09-12-2014 10:29:08 Windows Update
10-12-2014 10:44:29 ESET Smart Security wurde installiert
14-12-2014 09:01:42 Driver Booster : Adobe Flash Player ActiveX
21-12-2014 11:56:38 Driver Booster : Realtek High Definition Audio
24-12-2014 09:44:09 Driver Booster : Generic Bluetooth Adapter
24-12-2014 09:46:43 Windows Update
24-12-2014 14:54:14 Windows Update
25-12-2014 19:54:01 Windows Update
02-01-2015 18:38:07 Windows Update
02-01-2015 22:08:26 Windows Update
03-01-2015 15:30:07 Removed BlueStacks Notification Center
03-01-2015 15:50:11 Installed Oracle VM VirtualBox 4.3.18
03-01-2015 17:49:42 Installed Oracle VM VirtualBox 4.3.20
03-01-2015 17:59:48 Removed Oracle VM VirtualBox 4.3.20
03-01-2015 18:01:48 Installed Oracle VM VirtualBox 4.3.18
03-01-2015 18:54:38 Removed Oracle VM VirtualBox 4.3.18
03-01-2015 18:56:04 Installed Oracle VM VirtualBox 4.3.18
03-01-2015 19:06:32 Installed Oracle VM VirtualBox 4.3.18
03-01-2015 19:21:53 Removed BlueStacks Notification Center
03-01-2015 19:32:40 Removed Oracle VM VirtualBox 4.3.18
03-01-2015 19:33:38 Installed Oracle VM VirtualBox 4.3.18
04-01-2015 14:08:09 Removed Oracle VM VirtualBox 4.3.18
04-01-2015 14:13:52 Installed Oracle VM VirtualBox 4.3.18
14-01-2015 14:59:05 Installed TomTom HOME.
18-01-2015 10:35:50 WinThruster So, Jan 18, 15 10:35
18-01-2015 10:37:05 Windows Update
18-01-2015 13:41:10 avast! antivirus system restore point
18-01-2015 16:15:43 WinZip 19.0 wird entfernt
18-01-2015 16:32:38 WinZip 19.0 wird installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2012-04-23 06:33 - 00000895 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.google-analytics.com
127.0.0.1 google-analytics.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {073825D9-67B2-49A8-B5DB-3911D3C81523} - System32\Tasks\Driver Booster SkipUAC (ilona) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {07F9EB4A-8304-4CC6-B63E-ACE0A1F486C2} - System32\Tasks\{500A5504-4F0E-43E8-A0BD-A5ED9AE4E2ED} => C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
Task: {161CA60F-64F7-490D-91EF-9BB81311457E} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {1C45F5F4-A165-496C-BB7E-014747414A48} - System32\Tasks\Google Updater and Installer => C:\Users\ilona\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {1E7D357E-2290-4B63-8C0F-2C62683B9A8B} - System32\Tasks\TVCenter.exe => C:\Program Files (x86)\PCTV Systems\TVCenter\TVCenter.exe [2011-02-24] (PCTV Systems S.à r.l.)
Task: {22167725-1FAB-4B45-A790-F22BB72641C9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {23C34B1D-2C75-46B4-A286-F5174ADECF67} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-18] (AVAST Software)
Task: {317CDCD4-5EE7-4505-BCD0-366A00415B0E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-21] (Google Inc.)
Task: {342854F4-6C21-45C3-ABAC-C36E2E72814D} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-01-19] (Glarysoft Ltd)
Task: {392C726B-95D4-4DD1-8ABE-D9C8A7A7098F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {4E2C0EEC-B146-41DC-A5EB-04F65CD01A82} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2014-03-31] (1&1 Mail & Media GmbH)
Task: {574ED517-8CE3-4021-8B49-B2CFCE39AD18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-21] (Google Inc.)
Task: {5D0C959B-9C64-48F6-920F-729CECD90F18} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6A6F0DC4-5962-434E-8E39-23EB617DF8F8} - System32\Tasks\GlaryOneClickOptimizer 5 => C:\Program Files (x86)\Glary Utilities 5\OneClickMaintenance.exe [2015-01-19] (Glarysoft Ltd)
Task: {8E02A41C-46BE-4BF2-A7FD-110F6EB929D2} - System32\Tasks\Opera scheduled Autoupdate 1413193602 => C:\Program Files (x86)\Opera\launcher.exe [2014-12-17] (Opera Software)
Task: {B3D241EC-26DE-4E0F-AA66-64EC7FC9AC29} - System32\Tasks\avastBCLRestartS-1-5-21-257635416-103086523-1945266447-1000 => Chrome.exe
Task: {C08D0DDE-241D-4522-96EB-61ADD7705090} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {C0CC234A-B42A-45A9-9313-844E5566D69A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {C3C94F84-BF7A-49E5-852B-CFE574131B2F} - System32\Tasks\{1E074869-FEA6-4CC5-9BE0-B07C1DA3E6D4} => pcalua.exe -a E:\SETUP.EXE -d E:\ -c /AUTORUN
Task: {CB74ABF9-523A-46D7-B1AF-D3F896752812} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Task: {CC465444-C577-4D87-B545-678B7C2FD533} - System32\Tasks\{95289622-B171-458C-B981-631F81CA02E4} => pcalua.exe -a E:\setup.exe -d E:\
Task: {CF1A7E7E-D13A-4E57-9BA2-1D32223BB48E} - System32\Tasks\Uninstaller_SkipUac_ilona => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {D6E4F364-CBDF-4B1C-B579-63500A173A88} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-01-19] (Glarysoft Ltd)
Task: {D8945623-C432-49FC-B718-53C638D55D7E} - System32\Tasks\{D1EFD1E2-C05A-45B6-943E-ED2EE0BEBF48} => Firefox.exe
Task: {F282033E-B67C-4EA1-B034-3C096F2A1CD3} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GlaryOneClickOptimizer 5.job => C:\Program Files (x86)\Glary Utilities 5\OneClickMaintenance.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-29 19:01 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-08-02 21:20 - 2006-02-23 10:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2012-08-02 21:20 - 2006-02-22 10:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2015-01-18 13:42 - 2015-01-18 13:42 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-01-18 13:42 - 2015-01-18 13:42 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-10 13:21 - 2014-12-03 10:59 - 00104448 _____ () C:\Users\ilona\AppData\Local\GMX Application {sync-000021}\ConfigWizard.dll
2014-12-10 13:21 - 2014-12-03 10:59 - 00051200 _____ () C:\Users\ilona\AppData\Local\GMX Application {sync-000021}\CoreBranding.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-20 21:18 - 2015-01-20 21:18 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15012001\algo.dll
2015-01-18 13:42 - 2015-01-18 13:42 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-22 13:20 - 2015-01-22 13:20 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012201\algo.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00087416 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00398712 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Anwendungsdaten\Dropbox\bin\libGLESv2.dll
2015-01-22 13:22 - 2015-01-22 13:22 - 00043008 _____ () c:\users\ilona\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9vlipe.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Anwendungsdaten\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Anwendungsdaten\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Anwendungsdaten\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-18 13:42 - 2015-01-18 13:42 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-19 08:26 - 2015-01-19 08:26 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2015-01-16 13:42 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-16 13:42 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-16 13:42 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-16 13:42 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nach Updates suchen.lnk => C:\Windows\pss\Nach Updates suchen.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^ilona^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediencenter.lnk => C:\Windows\pss\Mediencenter.lnk.Startup
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: Garmin Lifetime Updater =>
MSCONFIG\startupreg: Google Update =>
MSCONFIG\startupreg: GoogleRadar =>
MSCONFIG\startupreg: KiesPreload => c:\program files (x86)\samsung\kies\kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => c:\program files (x86)\samsung\kies\kiestrayagent.exe
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: LogMeIn Hamachi Ui =>
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: QtraxNotification =>
MSCONFIG\startupreg: Skype =>

========================= Accounts: ==========================

Administrator (S-1-5-21-257635416-103086523-1945266447-500 - Administrator - Disabled)
Gast (S-1-5-21-257635416-103086523-1945266447-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-257635416-103086523-1945266447-1002 - Limited - Enabled)
ilona (S-1-5-21-257635416-103086523-1945266447-1000 - Administrator - Enabled) => C:\Users\ilona
Robin (S-1-5-21-257635416-103086523-1945266447-1005 - Limited - Enabled) => C:\Users\Robin
UpdatusUser (S-1-5-21-257635416-103086523-1945266447-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: USB Device(VID_1f3a_PID_efe8)
Description: USB Device(VID_1f3a_PID_efe8)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: USB Devices
Service: usbUDisc
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2015 04:29:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm EmptyFolderFinder.exe, Version 5.0.0.22 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 14a8

Startzeit: 01d0365824421177

Endzeit: 16

Anwendungspfad: C:\Program Files (x86)\Glary Utilities 5\EmptyFolderFinder.exe

Berichts-ID: 70ccd4af-a24b-11e4-87b1-002268469609

Error: (01/22/2015 01:20:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 10:45:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 05:14:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2015 11:21:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2015 03:59:50 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT)
Description: Product: ESET Smart Security -- Fehler 1921. Dienst "ESET Service" (ekrn) konnte nicht beendet werden. Überprüfen Sie, ob Sie ausreichende Berechtigungen zum Beenden von Systemdiensten besitzen.

Error: (01/18/2015 03:54:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2015 01:50:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary czoftkuk.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/18/2015 01:49:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary czoftkuk.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/18/2015 01:41:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary czoftkuk.

System Error:
Das System kann die angegebene Datei nicht finden.
.


System errors:
=============
Error: (01/22/2015 05:39:43 PM) (Source: Schannel) (EventID: 4108) (User: ilona-PC)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092012. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Error: (01/22/2015 05:39:43 PM) (Source: Schannel) (EventID: 4120) (User: ilona-PC)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 552.

Error: (01/22/2015 05:37:23 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/22/2015 05:34:29 PM) (Source: Schannel) (EventID: 4108) (User: ilona-PC)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092012. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Error: (01/22/2015 05:34:29 PM) (Source: Schannel) (EventID: 4120) (User: ilona-PC)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 552.

Error: (01/22/2015 05:29:19 PM) (Source: Schannel) (EventID: 4108) (User: ilona-PC)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092012. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Error: (01/22/2015 05:29:19 PM) (Source: Schannel) (EventID: 4120) (User: ilona-PC)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 552.

Error: (01/22/2015 05:24:09 PM) (Source: Schannel) (EventID: 4108) (User: ilona-PC)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092012. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Error: (01/22/2015 05:24:09 PM) (Source: Schannel) (EventID: 4120) (User: ilona-PC)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 552.

Error: (01/22/2015 05:18:59 PM) (Source: Schannel) (EventID: 4108) (User: ilona-PC)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092012. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.


Microsoft Office Sessions:
=========================
Error: (01/22/2015 04:29:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: EmptyFolderFinder.exe5.0.0.2214a801d036582442117716C:\Program Files (x86)\Glary Utilities 5\EmptyFolderFinder.exe70ccd4af-a24b-11e4-87b1-002268469609

Error: (01/22/2015 01:20:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 10:45:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 05:14:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2015 11:21:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2015 03:59:50 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT)
Description: Product: ESET Smart Security -- Fehler 1921. Dienst "ESET Service" (ekrn) konnte nicht beendet werden. Überprüfen Sie, ob Sie ausreichende Berechtigungen zum Beenden von Systemdiensten besitzen.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/18/2015 03:54:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2015 01:50:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary czoftkuk.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/18/2015 01:49:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary czoftkuk.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/18/2015 01:41:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary czoftkuk.

System Error:
Das System kann die angegebene Datei nicht finden.


CodeIntegrity Errors:
===================================
Date: 2013-11-24 15:55:30.375
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-24 15:55:30.246
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-24 15:54:03.802
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-24 15:54:03.625
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-24 15:54:03.460
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-24 15:54:03.315
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-24 15:52:48.754
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-24 15:52:48.624
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-24 15:51:17.892
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_59537a3710696511\appid.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-24 15:51:17.756
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_59537a3710696511\appid.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 32%
Total physical RAM: 8183.17 MB
Available physical RAM: 5547.66 MB
Total Pagefile: 16364.52 MB
Available Pagefile: 12909.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ilona) (Fixed) (Total:819.21 GB) (Free:480.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:97.66 GB) (Free:73.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 597B19F2)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=27)
Partition 2: (Active) - (Size=819.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================DE][/CODE]
__________________

Alt 22.01.2015, 20:20   #4
schrauber
/// the machine
/// TB-Ausbilder
 


hi,

Scan with Combofix
WARNING to OTHER READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (in English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 23.01.2015, 09:39   #5
bellachen56
 

Code:
ATTFilter
ComboFix 15-01-22.02 - ilona 23.01.2015   8:29.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8183.5429 [GMT 1:00]
ausgeführt von:: c:\users\ilona\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal Firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\LIL75CB.tmp
C:\LIL75FA.tmp
C:\LIL7648.tmp
C:\LIL7677.tmp
c:\users\ilona\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsr332y.dll
c:\users\ilona\AppData\Roaming\337
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\ebase.dll
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\image\default\app_close.png
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\image\default\app_max.png
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\image\default\app_min.png
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\image\default\app_restore.png
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\image\default\wallpaper_resource.xml
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\image\default\window.png
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\language\en_us\wallpaper_lang.ini
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\language\es_es\wallpaper_lang.ini
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\language\pt_br\wallpaper_lang.ini
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\language\tr_tr\wallpaper_lang.ini
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\language\zh_tw\wallpaper_lang.ini
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\layout\default\dp_appwnd.xml
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\layout\default\msgbox.xml
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\libpng.dll
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\main
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\msvcp100.dll
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\msvcr100.dll
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\ouilibnl.dll
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\plusapp.exe
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\style\wallpaper_style.xml
c:\users\ilona\AppData\Roaming\337\337 Wallpaper\TrayDownloader.exe
c:\windows\IsUn0407.exe
c:\windows\msdownld.tmp
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-23 bis 2015-01-23  ))))))))))))))))))))))))))))))
.
.
2015-01-23 07:38 . 2015-01-23 07:38	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2015-01-22 16:37 . 2015-01-22 16:41	--------	d-----w-	C:\FRST
2015-01-22 16:13 . 2015-01-23 07:40	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-22 16:13 . 2015-01-22 16:13	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-01-22 16:13 . 2014-11-21 05:14	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-01-22 16:13 . 2014-11-21 05:14	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-01-22 16:13 . 2014-11-21 05:14	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-01-22 16:12 . 2015-01-22 16:12	--------	d-----w-	c:\users\ilona\AppData\Local\Programs
2015-01-18 15:33 . 2015-01-18 15:33	--------	d-----w-	c:\users\ilona\AppData\Local\WinZip
2015-01-18 15:33 . 2015-01-18 15:33	--------	d-----w-	c:\programdata\WinZip
2015-01-18 15:33 . 2015-01-18 15:33	--------	d-----w-	c:\program files\WinZip
2015-01-18 12:47 . 2015-01-18 12:48	--------	d-----w-	c:\windows\SysWow64\vbox
2015-01-18 12:47 . 2015-01-18 12:48	--------	d-----w-	c:\windows\system32\vbox
2015-01-18 12:44 . 2015-01-18 12:44	--------	d-----w-	c:\anwendungsdaten\AVAST Software
2015-01-18 12:43 . 2015-01-18 12:43	116728	----a-w-	c:\windows\system32\drivers\aswStm.sys
2015-01-18 12:43 . 2015-01-18 12:43	267632	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2015-01-18 12:43 . 2015-01-18 12:43	436624	----a-w-	c:\windows\system32\drivers\aswSP.sys
2015-01-18 12:43 . 2015-01-18 12:44	87912	----a-w-	c:\windows\system32\drivers\aswmonflt.sys
2015-01-18 12:43 . 2015-01-18 12:43	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2015-01-18 12:43 . 2015-01-18 12:43	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2015-01-18 12:43 . 2015-01-18 12:43	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2015-01-18 12:43 . 2015-01-18 12:44	1050432	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2015-01-18 12:43 . 2015-01-18 12:43	364512	----a-w-	c:\windows\system32\aswBoot.exe
2015-01-18 12:42 . 2015-01-18 12:42	43152	----a-w-	c:\windows\avastSS.scr
2015-01-18 12:41 . 2015-01-18 12:41	--------	d-----w-	c:\program files\AVAST Software
2015-01-18 12:40 . 2015-01-18 12:41	--------	d-----w-	c:\programdata\AVAST Software
2015-01-18 10:21 . 2015-01-18 15:36	--------	d-----w-	c:\program files\CCleaner
2015-01-18 09:59 . 2015-01-18 10:07	--------	d-----w-	c:\anwendungsdaten\Wise Registry Cleaner
2015-01-18 09:59 . 2015-01-18 09:59	--------	d-----w-	c:\program files (x86)\Wise
2015-01-18 09:37 . 2014-12-15 03:13	11870360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BFB9235-F744-48AA-9E1C-CECC4E71CF5A}\mpengine.dll
2015-01-18 09:33 . 2012-10-15 16:02	19888	----a-w-	c:\windows\system32\roboot64.exe
2015-01-18 09:16 . 2015-01-18 09:18	--------	d-----w-	c:\users\tyltsebbx
2015-01-18 08:26 . 2015-01-18 11:42	170280	----a-w-	c:\windows\system32\drivers\ESETCleanersDriver.sys
2015-01-04 13:15 . 2015-01-22 15:26	--------	d-----w-	c:\users\ilona\Andy
2015-01-04 13:15 . 2015-01-10 00:12	--------	d-----w-	c:\anwendungsdaten\Andy
2015-01-04 13:14 . 2015-01-04 13:14	--------	d-----w-	c:\program files\Oracle
2015-01-03 18:34 . 2014-10-11 12:29	917112	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2015-01-03 18:34 . 2014-10-11 12:27	129168	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2015-01-03 17:53 . 2015-01-03 17:53	--------	d-----w-	c:\users\ilona\ChromeExtensions
2015-01-03 17:53 . 2015-01-03 17:53	--------	d-----w-	c:\users\ilona\AppData\Local\Temp7545a787ba9987ddd03f06f4974235ad
2015-01-03 17:38 . 2015-01-22 15:26	--------	d-----w-	c:\users\ilona\AppData\Local\Deutsche Telekom AG
2015-01-03 17:38 . 2015-01-22 15:26	--------	d-----w-	c:\anwendungsdaten\Deutsche Telekom AG
2015-01-03 17:38 . 2015-01-03 17:38	--------	d-----w-	c:\programdata\Telekom-Browser 7
2015-01-03 16:58 . 2015-01-22 15:26	--------	d-----w-	c:\users\ilona\AppData\Local\Tempd1c57d15a3e0bec35f4ba5710166089b
2015-01-03 15:44 . 2015-01-04 13:15	--------	d-----w-	c:\users\ilona\VirtualBox VMs
2015-01-03 15:44 . 2015-01-03 15:44	--------	d-----w-	c:\users\ilona\.android
2015-01-03 15:44 . 2015-01-04 13:24	--------	d-----w-	c:\users\ilona\.VirtualBox
2015-01-03 14:41 . 2015-01-10 00:12	--------	d-----w-	c:\program files\Andy
2015-01-02 17:37 . 2014-12-13 05:09	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2015-01-02 17:37 . 2014-12-13 03:33	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-12-25 09:42 . 2014-12-25 09:42	--------	d-----w-	c:\windows\system32\appraiser
2014-12-24 13:56 . 2014-10-18 02:05	4121600	----a-w-	c:\windows\system32\mf.dll
2014-12-24 13:56 . 2014-10-18 01:33	3209728	----a-w-	c:\windows\SysWow64\mf.dll
2014-12-24 08:45 . 2014-11-22 01:43	14412800	----a-w-	c:\windows\system32\ieframe.dll
2014-12-24 08:44 . 2014-10-30 02:03	165888	----a-w-	c:\windows\system32\charmap.exe
2014-12-24 08:37 . 2014-12-24 08:37	--------	d-----w-	c:\program files (x86)\Common Files\IObit
2014-12-24 08:36 . 2014-12-24 08:36	26528	----a-w-	c:\windows\SysWow64\drivers\HWiNFO64A.SYS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-14 15:20 . 2013-11-24 08:38	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 15:20 . 2013-11-24 08:38	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-14 15:20 . 2014-11-26 08:20	18127536	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-01-08 08:55 . 2010-11-21 03:27	298120	------w-	c:\windows\system32\MpSigStub.exe
2014-12-24 13:57 . 2012-04-11 15:32	112710672	----a-w-	c:\windows\system32\MRT.exe
2014-12-21 10:58 . 2014-12-21 10:58	856992	----a-w-	c:\windows\system32\tadefxapo264.dll
2014-12-21 10:58 . 2014-12-21 10:58	366104	----a-w-	c:\windows\system32\SRCOM64.dll
2014-12-21 10:58 . 2014-12-21 10:58	1411096	----a-w-	c:\windows\system32\SRRPTR64.dll
2014-12-21 10:58 . 2014-12-21 10:58	451096	----a-w-	c:\windows\system32\SRAPO64.dll
2014-12-21 10:58 . 2014-12-21 10:58	326680	----a-w-	c:\windows\SysWow64\SRCOM.dll
2014-12-21 10:58 . 2014-12-21 10:58	326680	----a-w-	c:\windows\system32\SRCOM.dll
2014-12-21 10:58 . 2014-12-21 10:58	4263128	----a-w-	c:\windows\system32\drivers\RTKVHD64.sys
2014-12-21 10:58 . 2014-12-21 10:58	3186544	----a-w-	c:\windows\system32\RtkApi64.dll
2014-12-21 10:58 . 2014-12-21 10:58	2860760	----a-w-	c:\windows\system32\RtPgEx64.dll
2014-12-21 10:58 . 2014-12-21 10:58	629464	----a-w-	c:\windows\system32\RtDataProc64.dll
2014-12-21 10:57 . 2014-12-21 10:57	1287384	----a-w-	c:\windows\system32\RTCOM64.dll
2014-12-21 10:57 . 2014-12-21 10:57	959704	----a-w-	c:\windows\system32\RCoInstII64.dll
2014-12-21 10:57 . 2014-12-21 10:57	71040000	----a-w-	c:\windows\system32\RCoRes64.dat
2014-12-21 10:57 . 2014-12-21 10:57	2827120	----a-w-	c:\windows\system32\RltkAPO64.dll
2014-12-21 10:57 . 2014-12-21 10:57	995120	----a-w-	c:\windows\system32\NahimicAPONSControl.dll
2014-12-21 10:57 . 2014-12-21 10:57	979280	----a-w-	c:\windows\system32\MaxxVoiceAPO2064.dll
2014-12-21 10:57 . 2014-12-21 10:57	5234952	----a-w-	c:\windows\system32\NAHIMICAPOlfx.dll
2014-12-21 10:57 . 2014-12-21 10:57	12967680	----a-w-	c:\windows\system32\MaxxVoiceAPO3064.dll
2014-12-21 10:57 . 2014-12-21 10:57	14048512	----a-w-	c:\windows\system32\MaxxAudioRealtek64.dll
2014-12-21 10:57 . 2014-12-21 10:57	922880	----a-w-	c:\windows\system32\MaxxAudioAPOShell64.dll
2014-12-21 10:57 . 2014-12-21 10:57	303776	----a-w-	c:\windows\system32\ICEsoundAPO64.dll
2014-12-21 10:57 . 2014-12-21 10:57	1550528	----a-w-	c:\windows\system32\CX64APO.dll
2014-12-21 10:57 . 2014-12-21 10:57	1499984	----a-w-	c:\windows\system32\MaxxAudioAPO5064.dll
2014-12-21 10:57 . 2014-12-21 10:57	1353472	----a-w-	c:\windows\system32\MaxxAudioAPO6064.dll
2014-12-21 10:57 . 2014-12-21 10:57	96568	----a-w-	c:\windows\system32\audioLibVc.dll
2014-12-21 10:57 . 2014-12-21 10:57	560328	----a-w-	c:\windows\system32\AERTAC64.dll
2014-11-11 03:08 . 2014-11-19 06:40	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 06:40	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-19 06:40	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 06:40	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-10-26 12:45 . 2014-09-05 07:01	20160	----a-w-	c:\windows\system32\drivers\GUBootStartup.sys
2014-10-26 11:30 . 2014-10-26 11:30	9890008	----a-w-	c:\windows\SysWow64\RsCRIcon.dll
2014-10-26 11:30 . 2014-10-26 11:30	272600	----a-w-	c:\windows\system32\drivers\RtsUStor.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 1]
@="{02B2B772-B8A8-4DA4-9B18-42551A54A1A8}"
[HKEY_CLASSES_ROOT\CLSID\{02B2B772-B8A8-4DA4-9B18-42551A54A1A8}]
2014-12-03 09:59	345088	----a-w-	c:\program files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20141210132119457.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 2]
@="{0575AB16-E932-4160-8936-4DBE195BDBD7}"
[HKEY_CLASSES_ROOT\CLSID\{0575AB16-E932-4160-8936-4DBE195BDBD7}]
2014-12-03 09:59	345088	----a-w-	c:\program files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20141210132119457.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 3]
@="{0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E}"
[HKEY_CLASSES_ROOT\CLSID\{0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E}]
2014-12-03 09:59	345088	----a-w-	c:\program files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20141210132119457.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 4]
@="{1A4AFFE1-B2F9-483D-B627-D9A339DBFD34}"
[HKEY_CLASSES_ROOT\CLSID\{1A4AFFE1-B2F9-483D-B627-D9A339DBFD34}]
2014-12-03 09:59	345088	----a-w-	c:\program files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20141210132119457.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-06-15 18:11	223432	----a-w-	c:\users\ilona\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-06-15 18:11	223432	----a-w-	c:\users\ilona\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-06-15 18:11	223432	----a-w-	c:\users\ilona\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\anwendungsdaten\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\anwendungsdaten\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\anwendungsdaten\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2014-12-19 248176]
"MyDriveConnect.exe"="c:\program files (x86)\MyDrive Connect\MyDriveConnect.exe" [2014-10-03 1792376]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2015-01-19 37152]
"GMX Application {sync-000021}"="c:\users\ilona\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe" [2014-12-03 777216]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-10-13 193568]
"MailCheck IE Broker"="c:\program files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe" [2014-11-17 2096192]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-18 5227112]
.
c:\users\ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\anwendungsdaten\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-9 39207112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk * 
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" -hide
"Andy"="c:\program" files\Andy\HandyAndy.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SpyHunter 4 Service;SpyHunter 4 Service; [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 eins1400;Eset install launcher (14003);c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R3 ESETCleanersDriver;ESET Cleaner Service;c:\windows\system32\Drivers\ESETCleanersDriver.sys;c:\windows\SYSNATIVE\Drivers\ESETCleanersDriver.sys [x]
R3 esgiguard;esgiguard; [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 fwlanusb4;FRITZ!WLAN N/G;c:\windows\system32\DRIVERS\fwlanusb4.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb4.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv_AMD64.sys;c:\windows\SYSNATIVE\DRIVERS\USBDrv_AMD64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys;c:\windows\SYSNATIVE\DRIVERS\azvusb.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-16 12:42	1087816	----a-w-	c:\program files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-24 15:20]
.
2015-01-23 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files (x86)\Glary Utilities 5\Initialize.exe [2015-01-19 07:25]
.
2015-01-19 c:\windows\Tasks\GlaryOneClickOptimizer 5.job
- c:\program files (x86)\Glary Utilities 5\OneClickMaintenance.exe [2015-01-19 07:26]
.
2015-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-21 15:24]
.
2015-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-21 15:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 1]
@="{02B2B772-B8A8-4DA4-9B18-42551A54A1A8}"
[HKEY_CLASSES_ROOT\CLSID\{02B2B772-B8A8-4DA4-9B18-42551A54A1A8}]
2014-12-03 09:59	373248	----a-w-	c:\program files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20141210132119457.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 2]
@="{0575AB16-E932-4160-8936-4DBE195BDBD7}"
[HKEY_CLASSES_ROOT\CLSID\{0575AB16-E932-4160-8936-4DBE195BDBD7}]
2014-12-03 09:59	373248	----a-w-	c:\program files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20141210132119457.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 3]
@="{0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E}"
[HKEY_CLASSES_ROOT\CLSID\{0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E}]
2014-12-03 09:59	373248	----a-w-	c:\program files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20141210132119457.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 4]
@="{1A4AFFE1-B2F9-483D-B627-D9A339DBFD34}"
[HKEY_CLASSES_ROOT\CLSID\{1A4AFFE1-B2F9-483D-B627-D9A339DBFD34}]
2014-12-03 09:59	373248	----a-w-	c:\program files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20141210132119457.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-06-15 18:11	262344	----a-w-	c:\users\ilona\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-06-15 18:11	262344	----a-w-	c:\users\ilona\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-06-15 18:11	262344	----a-w-	c:\users\ilona\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\anwendungsdaten\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\anwendungsdaten\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\anwendungsdaten\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\anwendungsdaten\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\anwendungsdaten\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\anwendungsdaten\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\anwendungsdaten\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\anwendungsdaten\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-18 12:43	860984	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-12-21 13774040]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/?trackid=sp-006
mStart Page = https://www.google.com/?trackid=sp-006
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
mSearch Bar = https://www.google.com/?trackid=sp-006
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\ilona\AppData\Local\Temp\ie_script.htm
TCP: DhcpNameServer = 192.168.178.1
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{98595F74-7670-4CC6-810F-57AFA47222B0} - msiexec
Toolbar-10 - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-257635416-103086523-1945266447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-257635416-103086523-1945266447-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-257635416-103086523-1945266447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-257635416-103086523-1945266447-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-257635416-103086523-1945266447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-257635416-103086523-1945266447-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-257635416-103086523-1945266447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-257635416-103086523-1945266447-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-257635416-103086523-1945266447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-257635416-103086523-1945266447-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-257635416-103086523-1945266447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000004
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\ Malwarebytes Anti-Malware \mbam.exe
c:\program files (x86)\Glary Utilities 5\Integrator.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Google\Update\Install\{3378567A-3C04-4444-AA78-487F29BB1F6B}\40.0.2214.91_39.0.2171.99_chrome_updater.exe
c:\windows\TEMP\CR_E4FB0.tmp\setup.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-23  08:47:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-01-23 07:47
.
Vor Suchlauf: 35 Verzeichnis(se), 515.836.665.856 Bytes frei
Nach Suchlauf: 44 Verzeichnis(se), 513.456.414.720 Bytes frei
.
- - End Of File - - 4D5BE81436D57950DF78C0440E14EC2D
A36C5E4F47E84449FF07ED3517B43A31
         
Unfortunately the problem is still there; ESET is still in the taskbar.

Regards
Ilona


23.01.2015, 12:40   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset Proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

23.01.2015, 14:08   #7
bellachen56
 



Code:
# AdwCleaner v4.108 - Bericht erstellt am 23/01/2015 um 14:03:00
# Aktualisiert 17/01/2015 von Xplode
# Database : 2015-01-22.3 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ilona - ILONA-PC
# Gestartet von : C:\Users\ilona\Downloads\AdwCleaner_4.108.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software
Ordner Gelöscht : C:\Program Files\SuperEasy Software
Ordner Gelöscht : C:\Anwendungsdaten\pdfforge
Ordner Gelöscht : C:\Users\ilona\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Datei Gelöscht : C:\Windows\System32\roboot64.exe

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v


-\\ Google Chrome v40.0.2214.91

[C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : nfengeggddojhakldhlpjdlddgkkjkdd
[C:\Users\ilona\AppData\Local\Chromium\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\ilona\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.search.ask.com/web?o=APN10257&q={searchTerms}

-\\ Chromium v

[C:\Users\ilona\AppData\Local\Chromium\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\ilona\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.search.ask.com/web?o=APN10257&q={searchTerms}

-\\ Comodo Dragon v

[C:\Users\ilona\AppData\Local\Chromium\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\ilona\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.search.ask.com/web?o=APN10257&q={searchTerms}
[C:\Users\ilona\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Gelöscht [Extension] : cmaiofennmphjldldcpphcechfnnohja

-\\ Opera v26.0.1656.60

[C:\Users\ilona\AppData\Local\Chromium\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\ilona\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.search.ask.com/web?o=APN10257&q={searchTerms}

*************************

AdwCleaner[R0].txt - [33144 octets] - [30/07/2014 11:10:23]
AdwCleaner[R1].txt - [1517 octets] - [30/07/2014 11:29:19]
AdwCleaner[R2].txt - [1255 octets] - [30/07/2014 11:56:04]
AdwCleaner[R3].txt - [17709 octets] - [29/08/2014 12:19:50]
AdwCleaner[R4].txt - [3472 octets] - [23/01/2015 13:44:06]
AdwCleaner[S0].txt - [33213 octets] - [30/07/2014 11:11:21]
AdwCleaner[S1].txt - [1578 octets] - [30/07/2014 11:30:08]
AdwCleaner[S2].txt - [17744 octets] - [29/08/2014 14:59:01]
AdwCleaner[S3].txt - [4040 octets] - [23/01/2015 14:03:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [4100 octets] ##########
         

23.01.2015, 17:11   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Please work through all of it. We first need to remove all the malware.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!


All times are WET +1.


Copyright ©2000-2024, Trojaner-Board