Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: GData findet mindestens 25 Viren. Virenfreiheit möglich? (https://www.trojaner-board.de/164061-windows-7-gdata-findet-mindestens-25-viren-virenfreiheit-moeglich.html)

Anton8 15.02.2015 20:38
Windows 7: GData findet mindestens 25 Viren. Virenfreiheit möglich?
 
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo,


ich habe folgendes Problem:


Mein Antivirenprogramm (GData von ComputerBild) hat über 25 Stunden lang den PC gescannt und mindestens 25 Viren gefunden. Manche konnte ich desinfizieren, oder in Quarantäne schieben, bei anderen Viren bot das Programm gar keine Verfahrensmöglichkeit an. Ich habe daraufhin eine zweite Überprüfung gestartet, allerdings auf Rootkits und zwar nur C: User. Das lief mehr als 3 Stunden und als verbleibende Zeit wurden 213 Stunden angegeben, woraufhin ich das abbrach. Da stimmt doch irgendwas nicht.

Vorausgesetzt auf dem PC befinden sich noch Viren (1TB Festplatte, 13 GB sind noch frei), kann ich diese mit absoluter Sicherheit entfernen, oder was kann ich tun?
Was mich ansonsten noch stört ist, daß beim Aufruf mancher Seiten (z.B. Amazon) öfter einmal die Meldung kommt: "Die Seite kann nicht angezeigt werden" u.ä. .
Das kenne ich von "früher" nicht so.


Als Anhang ein PDF Protokoll von GData:

Anhang 72609

deeprybka 15.02.2015 20:50
Die meisten Funde sind nur Adware. Das können wir schon bereinigen. ;)


:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.



Los geht's:

Schritt 1
http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://deeprybka.trojaner-board.de/tdss/codetags.gif

Anton8 15.02.2015 21:25
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Alexander Eichhorn at 2015-02-15 21:23:36
Running from C:\Users\Alexander Eichhorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DAWSY6BA
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G Data InternetSecurity CBE (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data InternetSecurity CBE (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 11 (HKLM-x32\...\{F1100000-0008-0000-0001-074957833700}) (Version: 11.0.289 - ABBYY)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.7.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
ArcSoft TotalMedia Backup (HKLM-x32\...\{3D69628B-4DE8-43C7-9A22-F90F5B870C08}) (Version: 1.5.21.3 - ArcSoft)
Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\{4209F371-A431-385E-2D7E-ACDA5DA3BA0B}_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audials (HKLM-x32\...\{73ABAA0E-70F0-4048-AD43-A5F5A13A198D}) (Version: 9.1.31900.0 - Audials AG)
Bild-Steuer 2009 (HKLM-x32\...\{D21ADE43-3AC8-4942-82BC-9C1D6063F046}) (Version: 14.02.0000 - Akademische Arbeitsgemeinschaft Verlag)
BILD-Steuer 2010 (HKLM-x32\...\{E7D293C9-732D-4E22-905D-2615FED321A4}) (Version: 15.12 - Akademische Arbeitsgemeinschaft Verlag)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP280 series Benutzerregistrierung (HKLM-x32\...\Canon MP280 series Benutzerregistrierung) (Version:  - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Utilities Easy-PhotoPrint (HKLM-x32\...\Easy-PhotoPrint) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CDCheck (HKLM-x32\...\CDCheck) (Version:  - )
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
CloneDVD2OEM (HKLM-x32\...\CloneDVD2OEM) (Version:  - Elaborate Bytes)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CrystalDiskInfo 6.1.12 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.12 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM-x32\...\DVD Shrink DE_is1) (Version:  - DVD Shrink)
eBay Worldwide (HKLM-x32\...\{AAF89271-2594-468D-B578-96B2E30C41C4}) (Version: 2.1.0703 - OEM)
Exact Audio Copy 0.99pb5 (HKLM-x32\...\Exact Audio Copy) (Version: 0.99pb5 - Andre Wiethoff)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}) (Version: 2.1.23.0 - MAGIX AG)
foobar2000 v1.2.8 (HKLM-x32\...\foobar2000) (Version: 1.2.8 - Peter Pawlowski)
Free Audio Converter version 5.0.52.1111 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.52.1111 - DVDVideoSoft Ltd.)
Free DVD Video Burner version 3.0.2 (HKLM-x32\...\Free DVD Video Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.0.1022 - DVDVideoSoft Ltd.)
Free YouTube to DVD Converter version 2.7.26.426 (HKLM-x32\...\Free YouTube to DVD Converter_is1) (Version:  - DVDVideoSoft Limited.)
G Data InternetSecurity CBE (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Earth (HKLM-x32\...\{2EAF7E61-068E-11DF-953C-005056806466}) (Version: 5.1.7938.4346 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MAGIX Foto Manager 8 (HKLM-x32\...\MAGIX Foto Manager 8 D) (Version: 6.0.1.499 - MAGIX AG)
MAGIX Fotobuch 3.6 (HKLM-x32\...\MAGIX Fotobuch) (Version: 3.6 - MAGIX AG)
MAGIX Media Suite (HKLM-x32\...\MAGIX Media Suite D) (Version: 1.13.0.112 - MAGIX AG)
MAGIX Online Druck Service (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Ringtone Maker SE (HKLM-x32\...\MAGIX Ringtone Maker SE D) (Version: 3.1.0.5 - MAGIX AG)
MAGIX Speed 2 (MSI) (HKLM-x32\...\{FF34AF1C-705B-424A-A850-1A1F61D6EB71}) (Version: 6.0.1.4 - MAGIX AG)
Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.12.103.06300 (HKLM-x32\...\{CB7048B4-5D1F-E24E-41FC-2AB7AAFE6597}) (Version: 2.12.103.06300 - Sony)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Metaboli (HKLM-x32\...\Metaboli) (Version: 1.00.0006 - Packard Bell)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{A336F8B0-7ADD-48E8-98A2-296040C1EC3F}) (Version: 3.1.3.0 - Apple Inc.)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
mufin player (HKLM-x32\...\mufin player D) (Version: 1.0.0.98 - MAGIX AG)
Musicport Download Manager (HKLM-x32\...\Musicport Download Manager) (Version: 1.00 - Materna Information & Communications GmbH)
MyTube HD 4.0 (HKLM-x32\...\{979FCA90-1FA4-482F-0001-393419DB8F1B}) (Version: 4.0.10.0406 - S.A.D.)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NWZ-E380 WALKMAN Guide (HKLM-x32\...\{D98ED583-338D-4425-B2EF-A4C7FB93CE88}) (Version: 2.2.0.05230 - Sony Corporation)
Packard Bell GameZone Console (HKLM-x32\...\{9242564e-02e9-4ea8-9d2d-351f6f728e1c}_is1) (Version: 5.1.2.3 - Oberon Media, Inc.)
Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell Photo Frame 4.2.3.10 (HKLM-x32\...\Packard Bell Photo Frame) (Version: 4.2.3.10 - I/O Interconnect)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.02.3005 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0812 - Packard Bell Incorporated)
Packard Bell Software Suite SE (HKLM-x32\...\Packard Bell Software Suite SE) (Version: 2.01.5000 - Packard Bell)
PixiePack Codec Pack (HKLM-x32\...\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}) (Version: 1.1.1200.0 - None)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.18.0.15698 - Sony Computer Entertainment Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
qBittorrent 3.1.9.2 (HKLM-x32\...\qbittorrent) (Version: 3.1.9.2 - The qBittorrent project)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Radiotracker (HKLM-x32\...\{A8BB05BC-2C4A-4178-A819-64B8F5392960}) (Version: 6.2.13700.0 - RapidSolution Software AG)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
Serif DrawPlus X2 (HKLM-x32\...\{3A438F62-00EE-4422-906B-6D9E107FC33F}) (Version: 9.0.4.024 - Serif (Europe) Ltd)
Serif PhotoPlus X2 (HKLM-x32\...\{9DCFC564-606E-424F-8A1C-56DD14908AF6}) (Version: 12.0.2.011 - Serif (Europe) Ltd)
Serif WebPlus X2 (HKLM-x32\...\{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}) (Version: 11.0.5.029 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
simfy (HKLM-x32\...\Simfy) (Version: 1.7.7 - simfy AG)
simfy (x32 Version: 1.7.7 - simfy AG) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.27 - Piriform)
Spotify (HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Star Defender 4 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}) (Version:  - Oberon Media)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.11 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.14 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.11 - Wolters Kluwer Deutschland GmbH)
Testbuch Bewerbung (HKLM-x32\...\TBBewerbung) (Version:  - )
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.00.3005 - Packard Bell)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{ED636101-1959-4360-8BF7-209436E7DEE4}) (Version: 14.0.8064.206 - Microsoft Corporation)
XRECODE (HKLM-x32\...\XRECODE_is1) (Version:  - )
xrecode II 1.0.0.217 (HKLM-x32\...\{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3298656242-1969614524-1323152709-1000_Classes\CLSID\{D135BF7C-49E3-38F0-5254-DEE4D5DE9D72}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

==================== Restore Points  =========================

12-02-2015 17:00:45 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01F90B8D-576F-4A7B-BEC4-765289824C5F} - System32\Tasks\{F24128E2-C7B2-4434-B485-9B624692FED9} => pcalua.exe -a "C:\Users\Alexander Eichhorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PN3WN3EJ\mp3gain-win-full-1_3_4.exe" -d "C:\Users\Alexander Eichhorn\Desktop"
Task: {028E5131-0EE2-4971-9541-967C858881AF} - System32\Tasks\{86940D6A-4621-4E68-97AF-030B12E71F41} => pcalua.exe -a "C:\Users\Alexander Eichhorn\AppData\Roaming\uTorrent\uTorrent.exe" -c /UNINSTALL
Task: {13FA4474-8A23-40CB-8651-44FD078ED438} - System32\Tasks\{F1292691-8B2D-4D85-AF41-1A4AAC09851E} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {202C443E-5258-4697-847C-7E13485C37DC} - System32\Tasks\{6257A2AC-B9E1-4893-B9C9-BE78B64E7FD8} => C:\Program Files (x86)\Winows Media Player Kopie von Programme\Windows Media Player\wmplayer.exe [2013-05-10] (Microsoft Corporation)
Task: {25FD140D-3E56-45C9-B73D-F78B3B936418} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {33618C29-3F6F-4AB6-8AE3-860E1E5E7CED} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {3E5DEF62-0354-4ECC-814E-BCBD48F9D6AB} - System32\Tasks\{8D7184F4-B040-4158-B678-213954422F0A} => pcalua.exe -a D:\Downloads\burrrn_package113.exe -d D:\Downloads
Task: {3F988507-7B81-4D17-864C-76EAF1582719} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3298656242-1969614524-1323152709-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {40523C57-6098-4D79-A024-1BE93E3247BB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3298656242-1969614524-1323152709-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {4937911E-FCAE-4A3C-B700-AC3655AF9DAC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5715C236-0B67-4E54-9652-070F01AAE3CA} - System32\Tasks\{BBDABD81-AC40-48FF-AB91-6498F96D79D2} => pcalua.exe -a "C:\Users\Alexander Eichhorn\Downloads\CDCheckSetup.exe" -d "C:\Users\Alexander Eichhorn\Desktop"
Task: {64C05FD9-D8B1-4C2B-AC77-023160C29236} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {664EB99C-A83D-45F9-A574-177A1300C058} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3298656242-1969614524-1323152709-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6A668C71-F664-46D7-9EAA-4BE38236787B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {79093F7A-3D59-4B8F-B735-99190EB812D6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {80CF652B-F2F0-4ECA-9388-BC91FD852D03} - System32\Tasks\{C01A3A3E-B44A-4CB1-BF05-96189C9022B6} => pcalua.exe -a "C:\Users\Alexander Eichhorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N9VJD3L6\Top100.exe" -d "C:\Users\Alexander Eichhorn\Desktop"
Task: {8817ACB7-B134-4647-B842-B94C390C79BB} - System32\Tasks\{D72005AE-A84B-48F8-99EE-E99EA7E1FCCF} => pcalua.exe -a "C:\Users\Alexander Eichhorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EN8KAZUA\MusicboxDownloadAssistent[1].exe" -d "C:\Users\Alexander Eichhorn\Desktop"
Task: {B17937D2-07F6-46BB-B3C3-A15F723E113F} - System32\Tasks\{2E764492-9448-4869-A4C2-EF556A847F16} => pcalua.exe -a C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe -c /S <==== ATTENTION
Task: {C315FAE8-273B-44A5-981E-C2FE08CD7BB2} - System32\Tasks\{29A2FD21-37F3-40A9-B2CF-89275B93E199} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-08-16] (Apple Inc.)
Task: {D20EDF1C-FC49-4264-A828-24322CBDE610} - System32\Tasks\{4298404B-4FEC-44C3-9320-638EDB523BC9} => pcalua.exe -a "C:\Users\Alexander Eichhorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y5C6AJ40\uninstall_flash_player[1].exe" -d "C:\Users\Alexander Eichhorn\Desktop"
Task: {DA24A9A6-159B-4AF4-A5BB-5409B66BE97E} - System32\Tasks\{E5F12228-B2A5-457B-BD61-CC4A7A76F068} => pcalua.exe -a "C:\Users\Alexander Eichhorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFFJ1GVG\CDCheckSetup.exe" -d "C:\Users\Alexander Eichhorn\Desktop"
Task: {DC9ED250-7EED-43C6-AD3B-6977C9C2A82B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E4A8EDE1-4DDD-4C26-ACCA-8A43FE331786} - System32\Tasks\{C863FF54-6432-469B-900E-8DAB516E2D56} => pcalua.exe -a "c:\program files (x86)\real\realplayer\Update\r1puninst.exe" -c RealNetworks|RealPlayer|17.0
Task: {E7E3F37E-D9C8-4E51-A6DD-DDEF58DE7313} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3298656242-1969614524-1323152709-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {F2BD5927-037E-404A-BF4A-A2E47D24C095} - System32\Tasks\ffdshow manager => Sc.exe start ffdshow manager
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-11-18 17:10 - 2013-01-18 16:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-13 17:14 - 2012-07-30 10:48 - 01518504 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
2011-09-13 15:41 - 2010-04-05 20:55 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-12-19 03:42 - 2013-12-19 03:42 - 00350840 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2014-09-30 01:51 - 2014-09-30 01:51 - 00074664 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
2014-04-29 14:24 - 2014-04-29 14:24 - 15377920 _____ () C:\Program Files (x86)\qBittorrent\qbittorrent.exe
2014-10-11 12:06 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2008-06-05 01:01 - 2008-06-05 01:01 - 00344064 _____ () C:\Program Files (x86)\Packard Bell\Software Suite SE\sqlite3.dll
2009-06-13 00:37 - 2009-06-13 00:37 - 00032768 _____ () C:\Program Files (x86)\Packard Bell Photo Frame\IOIUSBLib.dll
2009-06-13 00:37 - 2009-06-13 00:37 - 00025088 _____ () C:\Program Files (x86)\Packard Bell Photo Frame\IOIHIDLib.dll
2008-08-05 01:03 - 2008-08-05 01:03 - 00024576 _____ () C:\Program Files (x86)\Common Files\MAGIX Services\Database\UDF\fbudf.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0
AlternateDataStreams: C:\ProgramData\TEMP:1D32EC29
AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54
AlternateDataStreams: C:\ProgramData\TEMP:4D066AD2
AlternateDataStreams: C:\ProgramData\TEMP:5D7E5A8F
AlternateDataStreams: C:\ProgramData\TEMP:93DE1838
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA
AlternateDataStreams: C:\ProgramData\TEMP:ABE89FFE
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMP:E1F04E8D
AlternateDataStreams: C:\ProgramData\TEMP:E3C56885

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alexander Eichhorn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3298656242-1969614524-1323152709-500 - Administrator - Disabled)
Alexander Eichhorn (S-1-5-21-3298656242-1969614524-1323152709-1000 - Administrator - Enabled) => C:\Users\Alexander Eichhorn
Alexander Eichhorn_2 (S-1-5-21-3298656242-1969614524-1323152709-1003 - Limited - Enabled) => C:\Users\Alexander Eichhorn_2
fbwuser (S-1-5-21-3298656242-1969614524-1323152709-1002 - Limited - Disabled) => C:\Users\fbwuser
Gast (S-1-5-21-3298656242-1969614524-1323152709-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3298656242-1969614524-1323152709-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2015 07:49:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AVKProxy.exe, Version: 1.5.14043.574, Zeitstempel: 0x52fb3224
Name des fehlerhaften Moduls: avkhttp.dll, Version: 25.0.14079.176, Zeitstempel: 0x532a4adc
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008cf92
ID des fehlerhaften Prozesses: 0x5f0
Startzeit der fehlerhaften Anwendung: 0xAVKProxy.exe0
Pfad der fehlerhaften Anwendung: AVKProxy.exe1
Pfad des fehlerhaften Moduls: AVKProxy.exe2
Berichtskennung: AVKProxy.exe3

Error: (02/15/2015 01:10:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/15/2015 01:10:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/15/2015 01:10:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/15/2015 01:10:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/14/2015 04:42:12 PM) (Source: AHDDC2_Service.exe) (EventID: 0) (User: )
Description: Cannot terminate an externally created thread

Error: (02/14/2015 03:26:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/14/2015 03:26:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/14/2015 03:26:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/14/2015 03:26:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (02/15/2015 07:50:24 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "G Data AntiVirus Proxy" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (02/15/2015 07:49:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "G Data AntiVirus Proxy" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/15/2015 05:40:38 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/15/2015 05:40:37 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/15/2015 05:40:37 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/15/2015 01:41:52 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/15/2015 01:41:52 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/15/2015 01:41:49 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/15/2015 01:41:48 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/15/2015 01:41:48 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.


Microsoft Office Sessions:
=========================
Error: (02/15/2015 07:49:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AVKProxy.exe1.5.14043.57452fb3224avkhttp.dll25.0.14079.176532a4adcc00004170008cf925f001d04882e59b2de0C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exeC:\Program Files (x86)\Common Files\G Data\AVKProxy\avkhttp.dll5199d34c-b543-11e4-8ae9-00016c6d5d91

Error: (02/15/2015 01:10:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (02/15/2015 01:10:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe

Error: (02/15/2015 01:10:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe

Error: (02/15/2015 01:10:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe

Error: (02/14/2015 04:42:12 PM) (Source: AHDDC2_Service.exe) (EventID: 0) (User: )
Description: Cannot terminate an externally created thread

Error: (02/14/2015 03:26:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (02/14/2015 03:26:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe

Error: (02/14/2015 03:26:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe

Error: (02/14/2015 03:26:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe


CodeIntegrity Errors:
===================================
  Date: 2013-11-23 15:09:45.556
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gdi32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 63%
Total physical RAM: 3063.11 MB
Available physical RAM: 1131.3 MB
Total Pagefile: 6124.41 MB
Available Pagefile: 3405.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:457.95 GB) (Free:10.49 GB) NTFS
Drive d: (DATA) (Fixed) (Total:458.46 GB) (Free:3.97 GB) NTFS
Drive l: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:576.15 GB) NTFS
Drive m: (Volume) (Fixed) (Total:1863.01 GB) (Free:1.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3C83586A)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=458.5 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F48FABDF)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: DBE2D2F1)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Alexander Eichhorn (administrator) on PACKARDBELL on 15-02-2015 21:30:51
Running from C:\Users\Alexander Eichhorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DAWSY6BA
Loaded Profiles: Alexander Eichhorn (Available profiles: Alexander Eichhorn & UpdatusUser & fbwuser & Alexander Eichhorn_2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Acer) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(RapidSolution Software AG) C:\Program Files (x86)\RapidSolution\Audials 9\VCDWriter\64\VCDAudioService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Ashampoo Development GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe
(Spotify Ltd) C:\Users\Alexander Eichhorn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(IOI) C:\Program Files (x86)\Packard Bell Photo Frame\ButtonMonitor.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Software Suite SE\SEDevDetect.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
(MAGIX®) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM\...\Run: [Ashampoo HDD-Control 2 Guard] => C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe [3783592 2012-07-30] (Ashampoo Development GmbH & Co. KG)
HKLM-x32\...\Run: [Packard Bell Photo Frame] => C:\Program Files (x86)\Packard Bell Photo Frame\ButtonMonitor.exe [124416 2009-07-20] (IOI)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-09-21] (Apple Inc.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [925960 2011-08-19] (ABBYY.)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG)
HKLM\...\RunOnce: [NCInstallQueue] => rundll32 netman.dll,ProcessQueue
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-01-15] (SlySoft, Inc.)
HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\...\Run: [Software Suite SE] => C:\Program Files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe [2356256 2009-09-10] (Acer Incorporated)
HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\...\Run: [Spotify Web Helper] => C:\Users\Alexander Eichhorn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-16] (Spotify Ltd)
HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-12-26] (Google Inc.)
HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Alexander Eichhorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
ShortcutTarget: TotalMedia Backup Monitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe (ArcSoft, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=prc265
URLSearchHook: HKLM-x32 - (No Name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
URLSearchHook: HKU\S-1-5-21-3298656242-1969614524-1323152709-1000 - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File
URLSearchHook: HKU\S-1-5-21-3298656242-1969614524-1323152709-1000 - (No Name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {c95a4e8e-816d-4655-8c79-d736da1adb6d} ->  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - No Name - {c95a4e8e-816d-4655-8c79-d736da1adb6d} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3298656242-1969614524-1323152709-1000 -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File
Toolbar: HKU\S-1-5-21-3298656242-1969614524-1323152709-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Alexander Eichhorn\AppData\Roaming\Mozilla\Firefox\Profiles\8dhk0ogk.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: https://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3298656242-1969614524-1323152709-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Alexander Eichhorn\AppData\Roaming\Mozilla\Firefox\Profiles\8dhk0ogk.default\searchplugins\yahoo-avast.xml
FF Extension: Download videos and MP3s from YouTube - C:\Users\Alexander Eichhorn\AppData\Roaming\Mozilla\Firefox\Profiles\8dhk0ogk.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-02]
FF Extension: Hotspot Shield  - C:\Users\Alexander Eichhorn\AppData\Roaming\Mozilla\Firefox\Profiles\8dhk0ogk.default\Extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d} [2013-08-07]
FF Extension: MEGA - C:\Users\Alexander Eichhorn\AppData\Roaming\Mozilla\Firefox\Profiles\8dhk0ogk.default\Extensions\firefox@mega.co.nz.xpi [2014-10-23]
FF Extension: ProxTube - C:\Users\Alexander Eichhorn\AppData\Roaming\Mozilla\Firefox\Profiles\8dhk0ogk.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: Online Translator Toolbar - C:\Users\Alexander Eichhorn\AppData\Roaming\Mozilla\Firefox\Profiles\8dhk0ogk.default\Extensions\{BD4B37E6-7AE7-48d7-A2D7-6FF5775924AB}.xpi [2013-10-27]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2015-02-12]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2015-02-12]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-02-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-12]
FF HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-02]

Chrome:
=======
CHR Profile: C:\Users\Alexander Eichhorn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Alexander Eichhorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-11-14]
CHR Extension: (avast! Online Security) - C:\Users\Alexander Eichhorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-22]
CHR Extension: (Virtual Keyboard) - C:\Users\Alexander Eichhorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-11-14]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Alexander Eichhorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2010-04-17]
CHR Extension: (Google Wallet) - C:\Users\Alexander Eichhorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
CHR Extension: (Anti-Banner) - C:\Users\Alexander Eichhorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-11-14]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [819976 2011-08-18] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2723400 2014-03-25] (G Data Software AG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\DfSdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed]
R3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2009-09-14] (Macrovision Europe Ltd.) [File not signed]
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2992760 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
R2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
R2 Virtual CDAudio Service; C:\Program Files (x86)\RapidSolution\Audials 9\VCDWriter\64\VCDAudioService.exe [179048 2012-08-20] (RapidSolution Software AG)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [57344 2014-06-17] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [135168 2014-06-17] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [68608 2014-06-17] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-06-17] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-06-17] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65024 2014-06-17] (G Data Software AG)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2013-12-17] (AnchorFree Inc.)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [33792 2005-03-09] () [File not signed]
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-01-03] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-01-03] (RapidSolution Software AG)
R3 rsvcdwdr; C:\Windows\System32\DRIVERS\rsvcdwdr.sys [45160 2011-11-16] (RapidSolution Software AG)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 21:20 - 2015-02-15 21:30 - 00000000 ____D () C:\FRST
2015-02-14 21:55 - 2015-02-15 09:56 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{0D5C9FF2-C78C-497A-8132-5E8AAC85FA5D}
2015-02-14 09:53 - 2015-02-14 09:54 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{A9FDCDA2-9117-447B-AD74-B7CD9B0AE617}
2015-02-12 14:37 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 14:37 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 14:37 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 14:37 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 09:00 - 2015-02-12 09:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-11 16:01 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 16:01 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 16:01 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 16:01 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 16:01 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 16:01 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 16:01 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 16:01 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 16:00 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 16:00 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 16:00 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 16:00 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 16:00 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 16:00 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 16:00 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 16:00 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 16:00 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 16:00 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 16:00 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 16:00 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 16:00 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 16:00 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 16:00 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 16:00 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 16:00 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 16:00 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 16:00 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 16:00 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 16:00 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 16:00 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 16:00 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 16:00 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 16:00 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 16:00 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 16:00 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 16:00 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 16:00 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 16:00 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 16:00 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 16:00 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 16:00 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 16:00 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 16:00 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 16:00 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 16:00 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 16:00 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 16:00 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 16:00 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 16:00 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 16:00 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 16:00 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 16:00 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 16:00 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 16:00 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 16:00 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 16:00 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 16:00 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 16:00 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 16:00 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 16:00 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 16:00 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 16:00 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 16:00 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 16:00 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 16:00 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 16:00 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 16:00 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 16:00 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 16:00 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 16:00 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 16:00 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 16:00 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 16:00 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 16:00 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 16:00 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 16:00 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 16:00 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 16:00 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 16:00 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 16:00 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 16:00 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 16:00 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 16:00 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 16:00 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 16:00 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 16:00 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 16:00 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 16:00 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 16:00 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 16:00 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 16:00 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 16:00 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 16:00 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 16:00 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 15:59 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 15:59 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 15:59 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 15:59 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 15:59 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 15:59 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 15:59 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 15:59 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 15:59 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 15:59 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 15:59 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 15:58 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 15:58 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 15:58 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 15:58 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 15:58 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 15:58 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 15:58 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 15:58 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 15:58 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 15:57 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 15:32 - 2015-02-11 15:32 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{9E5D49F6-4A07-4CBE-BEB9-E21F71B3F01F}
2015-02-10 15:23 - 2015-02-10 15:23 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{14234D6A-1CF4-4F70-A6B3-83906894CDF3}
2015-02-09 21:36 - 2015-02-09 21:36 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{11FB5411-E31F-4FCC-B93F-D5147BD5AAA3}
2015-02-09 09:34 - 2015-02-09 09:34 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{89CD9EC4-8A2E-4618-9B27-D0516EACF5F3}
2015-02-08 12:16 - 2015-02-08 12:16 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{9C784214-B25B-4F2C-995E-4A54373AE469}
2015-02-07 18:16 - 2015-02-07 18:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-07 13:02 - 2015-02-07 13:02 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{032C856D-1898-40C1-9009-E0EFECEFD694}
2015-02-06 15:02 - 2015-02-06 15:06 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{8F6D0366-48C6-482D-8937-9706B4D9C561}
2015-02-05 22:47 - 2015-02-05 22:47 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{AB3D7286-7899-4D90-B225-26B59CCD2832}
2015-02-05 10:45 - 2015-02-05 10:45 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{5EBDFD6F-18A8-482A-9DD8-A90D241F41AD}
2015-02-04 21:37 - 2015-02-04 21:38 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{9D5F802B-D69F-4985-A73E-8090246570F2}
2015-02-04 00:15 - 2015-02-04 00:15 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{9947AD80-AF19-4931-AAB4-1A75585472FB}
2015-02-03 11:40 - 2015-02-03 11:40 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{A193216C-1FF7-4BFA-9A1C-EC7D8F7C5D18}
2015-02-02 23:39 - 2015-02-02 23:39 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{022062F2-DB88-4F19-BBDA-A8DD888869AB}
2015-02-02 11:37 - 2015-02-02 11:38 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{A9A22D70-18B2-4BCC-9260-AB101882BDEE}
2015-02-01 23:36 - 2015-02-01 23:36 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{946829B9-1689-43BD-AF93-BE7837667C5E}
2015-02-01 11:34 - 2015-02-01 11:35 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{5D1DA40A-15AC-4088-8D83-77F387268FD3}
2015-01-31 14:32 - 2015-01-31 14:32 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{413A3006-3998-480D-9DE1-C21935396F6A}
2015-01-30 23:14 - 2015-01-30 23:14 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{BE584937-D688-4C35-8939-4A5E3DB25570}
2015-01-30 11:12 - 2015-01-30 11:13 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{2CBECCFD-CB85-4BC9-8C57-95E1EF5C5029}
2015-01-29 15:39 - 2015-01-29 15:40 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{49501538-333F-4B37-8387-E93D93E14724}
2015-01-28 15:29 - 2015-01-28 15:29 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{57AACF4E-7DF7-4319-850A-CB9BF96EFCF7}
2015-01-27 15:12 - 2015-01-27 15:12 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{6627C8D0-8F78-479D-B6DB-21E6DEA30CB5}
2015-01-26 12:19 - 2015-01-26 12:19 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{A20275E6-E07D-4AEB-A304-1FDA5F259517}
2015-01-25 23:14 - 2015-01-25 23:14 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{E51057DC-8D8E-4437-B53D-381197A79359}
2015-01-25 11:13 - 2015-01-25 11:13 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{B2751483-708C-4783-9C43-114ED98BEA11}
2015-01-24 11:39 - 2015-01-24 11:39 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{C9A54D70-B61F-4C55-BDA2-507CB430F196}
2015-01-23 17:22 - 2015-01-23 17:22 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{403AD24E-9751-46D8-AA44-8B4B02F72DBD}
2015-01-22 16:18 - 2015-01-22 16:18 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{27F80215-BC04-44A6-AB42-08910907D6B5}
2015-01-21 15:44 - 2015-01-21 15:44 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{75B7E9CD-E014-4D1A-81D5-B64C6D212EFC}
2015-01-20 20:59 - 2015-01-20 20:59 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{4C746156-7BF9-4200-81DC-412CE0FCC396}
2015-01-19 13:13 - 2015-01-19 13:13 - 00000808 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-01-19 11:35 - 2015-01-19 11:35 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{5B27EF62-8B3B-494B-A6A2-F15DE585C7E1}
2015-01-18 23:32 - 2015-01-18 23:32 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{13A61933-D1C3-4D50-924A-F9F0A37E61CB}
2015-01-18 11:31 - 2015-01-18 11:31 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{3A6A4D2F-8851-416C-9E12-A4A097EA302E}
2015-01-17 23:05 - 2015-01-17 23:06 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{CE28046C-2C06-4040-B66F-5F5AF9C246D9}
2015-01-17 11:04 - 2015-01-17 11:04 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{98477016-9B5F-4B28-8F12-B4DFFF63B477}
2015-01-16 22:45 - 2015-01-16 22:45 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{04555B27-6F0B-4693-9317-095C3571F3DE}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 21:28 - 2009-09-14 07:44 - 02020277 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 21:23 - 2012-04-02 18:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-15 21:15 - 2013-03-12 04:02 - 00003994 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{68453093-B853-42CC-B7A5-F058C5B2DE9A}
2015-02-15 20:43 - 2010-03-06 19:52 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 20:24 - 2010-03-06 19:50 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Roaming\Adobe
2015-02-15 19:22 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 19:22 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 16:37 - 2013-07-01 11:29 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Roaming\foobar2000
2015-02-15 16:21 - 2013-04-01 20:12 - 00101064 _____ () C:\Windows\setupact.log
2015-02-15 12:11 - 2010-03-06 19:34 - 00000000 ____D () C:\Users\Alexander Eichhorn
2015-02-15 01:39 - 2014-12-11 01:00 - 00000000 ____D () C:\Windows\rescache
2015-02-14 21:43 - 2010-03-06 19:52 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-14 19:22 - 2010-03-09 23:58 - 00000000 ____D () C:\Users\Alexander Eichhorn\Tracing
2015-02-14 19:20 - 2009-09-14 07:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-14 19:20 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-14 09:50 - 2012-07-22 11:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-13 22:05 - 2012-04-04 17:03 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Roaming\Spotify
2015-02-13 21:49 - 2012-04-04 17:04 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\Spotify
2015-02-13 13:53 - 2014-11-03 22:37 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Roaming\xrecode2
2015-02-11 19:11 - 2009-07-14 05:45 - 00572096 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 19:10 - 2009-09-14 07:41 - 00998264 _____ () C:\Windows\PFRO.log
2015-02-11 19:07 - 2014-12-10 21:41 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 19:07 - 2014-05-06 19:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 17:47 - 2009-09-04 02:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 17:47 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 17:38 - 2013-08-14 00:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 17:31 - 2010-10-16 11:26 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Roaming\AccurateRip
2015-02-11 17:11 - 2010-05-08 10:36 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-07 19:50 - 2009-09-13 17:28 - 02924358 _____ () C:\Windows\system32\perfh007.dat
2015-02-07 19:50 - 2009-09-13 17:28 - 00840826 _____ () C:\Windows\system32\perfc007.dat
2015-02-07 19:50 - 2009-07-14 06:13 - 00006264 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 03:07 - 2012-04-02 18:25 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 03:07 - 2012-04-02 18:25 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 03:07 - 2011-05-13 18:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 21:38 - 2010-03-06 19:52 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 21:38 - 2010-03-06 19:52 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 10:07 - 2014-06-15 12:05 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-04 09:10 - 2013-11-23 20:51 - 00000000 ____D () C:\Users\Alexander Eichhorn_2
2015-02-04 09:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-02-04 00:44 - 2014-06-15 12:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-04 00:44 - 2014-01-15 05:39 - 00001705 _____ () C:\Windows\wininit.ini
2015-02-01 22:00 - 2011-01-01 20:59 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\Thunderbird
2015-02-01 06:39 - 2011-09-13 15:34 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-24 19:02 - 2013-10-26 21:34 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-24 19:01 - 2014-10-20 19:11 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-24 19:01 - 2014-10-20 19:11 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-24 19:01 - 2014-10-20 19:11 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-24 19:01 - 2014-10-20 19:11 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-24 19:01 - 2014-10-20 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-24 19:00 - 2010-03-27 16:49 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-19 13:13 - 2014-05-29 14:50 - 00000000 ____D () C:\Program Files\Speccy
2015-01-18 11:39 - 2010-03-21 21:26 - 00001117 _____ () C:\Users\Public\Desktop\AnyDVD.lnk

==================== Files in the root of some directories =======

2009-09-03 15:12 - 2008-06-11 16:12 - 0776614 _____ () C:\Program Files (x86)\Common Files\packardbell.ico
2013-10-18 18:47 - 2013-10-19 21:02 - 0000000 _____ () C:\Users\Alexander Eichhorn\AppData\Roaming\bitlord_log.txt
2014-06-17 17:48 - 2014-06-17 17:48 - 0000000 _____ () C:\Users\Alexander Eichhorn\AppData\Roaming\gdfw.log
2014-06-17 17:48 - 2014-06-17 19:11 - 0001558 _____ () C:\Users\Alexander Eichhorn\AppData\Roaming\gdscan.log
2011-02-22 23:25 - 2011-02-22 23:25 - 0033134 _____ () C:\Users\Alexander Eichhorn\AppData\Roaming\UserTile.png
2010-03-27 16:06 - 2014-01-05 20:53 - 0002418 _____ () C:\Users\Alexander Eichhorn\AppData\Roaming\wklnhst.dat
2012-08-16 13:37 - 2012-08-16 13:37 - 0000036 _____ () C:\Users\Alexander Eichhorn\AppData\Local\housecall.guid.cache
2013-10-18 21:12 - 2013-10-18 21:12 - 0000218 _____ () C:\Users\Alexander Eichhorn\AppData\Local\recently-used.xbel
2012-10-07 23:16 - 2012-10-07 23:16 - 0007605 _____ () C:\Users\Alexander Eichhorn\AppData\Local\Resmon.ResmonCfg
2013-02-15 16:31 - 2013-02-15 16:31 - 0017408 _____ () C:\Users\Alexander Eichhorn\AppData\Local\WebpageIcons.db
2011-05-08 16:37 - 2011-05-08 16:37 - 0000000 _____ () C:\Users\Alexander Eichhorn\AppData\Local\{0E5A9BF8-7C24-4F97-9CE1-B020448403CF}
2011-05-07 17:32 - 2011-05-07 17:32 - 0000000 _____ () C:\Users\Alexander Eichhorn\AppData\Local\{1F1EC240-E24E-4B8C-A399-E4818BB2BB50}
2011-05-08 14:24 - 2011-05-08 14:24 - 0000000 _____ () C:\Users\Alexander Eichhorn\AppData\Local\{646740F9-8542-4F26-918C-E2C7EA351FD3}
2011-05-05 16:44 - 2011-05-05 16:44 - 0000000 _____ () C:\Users\Alexander Eichhorn\AppData\Local\{779A6701-2396-4A40-B0CD-979470CE972B}
2011-05-31 14:54 - 2011-05-31 14:54 - 0000000 _____ () C:\Users\Alexander Eichhorn\AppData\Local\{98225FA2-340B-4028-863E-FFBD748DDE4D}
2011-05-09 22:24 - 2011-05-09 22:24 - 0000000 _____ () C:\Users\Alexander Eichhorn\AppData\Local\{F46FEBB3-11BA-4B3B-8D2C-D1D6D414DA38}
2010-03-21 21:28 - 2012-10-03 12:13 - 0000166 ___SH () C:\ProgramData\.zreglib
2009-09-03 15:13 - 2009-07-18 02:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 09:02

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

deeprybka 15.02.2015 21:41
Hi,

Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 2

http://deeprybka.trojaner-board.de/m...mbamlogo4a.pnghttp://deeprybka.trojaner-board.de/m...mbamlogo4b.png
  • Download
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
  • Poste mir den Inhalt der Logdatei (geht so...). Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

Schritt 3

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Anton8 15.02.2015 23:56
Code:
# AdwCleaner v4.110 - Bericht erstellt 15/02/2015 um 21:59:11
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-14.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Alexander Eichhorn - PACKARDBELL
# Gestarted von : C:\Users\Alexander Eichhorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DAWSY6BA\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Alexander Eichhorn\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Alexander Eichhorn\AppData\Roaming\ProgSense

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Schlüssel Gelöscht : HKCU\Software\ProgSense
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0.1 (x86 de)


-\\ Google Chrome v40.0.2214.111


*************************

AdwCleaner[R0].txt - [93993 Bytes] - [26/12/2014 01:52:22]
AdwCleaner[R1].txt - [2642 Bytes] - [15/02/2015 21:56:44]
AdwCleaner[S0].txt - [97600 Bytes] - [26/12/2014 02:00:19]
AdwCleaner[S1].txt - [2512 Bytes] - [15/02/2015 21:59:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2571  Bytes] ##########
Hallo,

zuerst einmal vielen Dank, daß Du mir so gut hilfst. Der Bedrohungs Suchlauf läuft und läuft, ich denke das dauert bestimmt noch die halbe Nacht. Sobald das beendet ist, sende ich die Informationen, also dann bis Morgen.


Gruß

A.

[

So hier das Ergebnis von Malwarebytes:


Code:
2015/02/15 22:16:29 +0100 mbam-log-2015-02-15 (22-16-27).xml yes  2.00.4.1028 v2015.02.15.05 v2015.02.03.01 trial enabled enabled disabled  Windows 7 Service Pack 1 x64 Alexander Eichhorn NTFS  threat completed 524328 3220 0 0 7 3 0 2 2 0  enabled enabled enabled enabled enabled disabled enabled enabled enabled  HKU\S-1-5-21-3298656242-1969614524-1323152709-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{30F9B915-B755-4826-820B-08FBA6BD249D}PUP.Optional.ConduitTB.Asuccess749ed248375385b1371f2ae07f84c23e HKU\S-1-5-21-3298656242-1969614524-1323152709-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{30F9B915-B755-4826-820B-08FBA6BD249D}PUP.Optional.ConduitTB.Asuccess749ed248375385b1371f2ae07f84c23e HKU\S-1-5-21-3298656242-1969614524-1323152709-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}PUP.Optional.DVDVideoSoftTB.Asuccess17fb17035634fd39b02ab94c19ea4bb5 HKU\S-1-5-21-3298656242-1969614524-1323152709-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}PUP.Optional.DVDVideoSoftTB.Asuccess17fb17035634fd39b02ab94c19ea4bb5 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}PUP.Optional.SearchProtectsuccesse32f50ca91f9a393b1f5e32f4cb902fe HKU\S-1-5-21-3298656242-1969614524-1323152709-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DVDVideoSoftTBPUP.Optional.DVDVideoSoftTB.Asuccessbf538298a1e9979f8561247ffd06946c HKU\S-1-5-21-3298656242-1969614524-1323152709-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGongPUP.Optional.PriceGong.Asuccess4ac8001a1a70082e3b835a42798af010 HKU\S-1-5-21-3298656242-1969614524-1323152709-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER{872B5B88-9DB5-4310-BDD0-AC189557E5F5}PUP.Optional.DVDVideoSoftTB.Asuccess

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Alexander Eichhorn (administrator) on PACKARDBELL on 15-02-2015 23:59:03
Running from C:\Users\Alexander Eichhorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DAWSY6BA
Loaded Profiles: Alexander Eichhorn (Available profiles: Alexander Eichhorn & UpdatusUser & fbwuser & Alexander Eichhorn_2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Acer) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(RapidSolution Software AG) C:\Program Files (x86)\RapidSolution\Audials 9\VCDWriter\64\VCDAudioService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Ashampoo Development GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe
(Spotify Ltd) C:\Users\Alexander Eichhorn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe
(IOI) C:\Program Files (x86)\Packard Bell Photo Frame\ButtonMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Software Suite SE\SEDevDetect.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Farbar) C:\Users\Alexander Eichhorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DAWSY6BA\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM\...\Run: [Ashampoo HDD-Control 2 Guard] => C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe [3783592 2012-07-30] (Ashampoo Development GmbH & Co. KG)
HKLM-x32\...\Run: [Packard Bell Photo Frame] => C:\Program Files (x86)\Packard Bell Photo Frame\ButtonMonitor.exe [124416 2009-07-20] (IOI)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-09-21] (Apple Inc.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [925960 2011-08-19] (ABBYY.)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG)
HKLM\...\RunOnce: [NCInstallQueue] => rundll32 netman.dll,ProcessQueue
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-01-15] (SlySoft, Inc.)
HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\...\Run: [Software Suite SE] => C:\Program Files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe [2356256 2009-09-10] (Acer Incorporated)
HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\...\Run: [Spotify Web Helper] => C:\Users\Alexander Eichhorn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-16] (Spotify Ltd)
HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-12-26] (Google Inc.)
HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Alexander Eichhorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
ShortcutTarget: TotalMedia Backup Monitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe (ArcSoft, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=prc265
URLSearchHook: HKU\S-1-5-21-3298656242-1969614524-1323152709-1000 - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3298656242-1969614524-1323152709-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Alexander Eichhorn\AppData\Roaming\Mozilla\Firefox\Profiles\8dhk0ogk.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: https://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3298656242-1969614524-1323152709-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Alexander Eichhorn\AppData\Roaming\Mozilla\Firefox\Profiles\8dhk0ogk.default\searchplugins\yahoo-avast.xml
FF Extension: Download videos and MP3s from YouTube - C:\Users\Alexander Eichhorn\AppData\Roaming\Mozilla\Firefox\Profiles\8dhk0ogk.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-02]
FF Extension: Hotspot Shield  - C:\Users\Alexander Eichhorn\AppData\Roaming\Mozilla\Firefox\Profiles\8dhk0ogk.default\Extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d} [2013-08-07]
FF Extension: MEGA - C:\Users\Alexander Eichhorn\AppData\Roaming\Mozilla\Firefox\Profiles\8dhk0ogk.default\Extensions\firefox@mega.co.nz.xpi [2014-10-23]
FF Extension: ProxTube - C:\Users\Alexander Eichhorn\AppData\Roaming\Mozilla\Firefox\Profiles\8dhk0ogk.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: Online Translator Toolbar - C:\Users\Alexander Eichhorn\AppData\Roaming\Mozilla\Firefox\Profiles\8dhk0ogk.default\Extensions\{BD4B37E6-7AE7-48d7-A2D7-6FF5775924AB}.xpi [2013-10-27]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2015-02-12]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2015-02-12]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-02-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-12]
FF HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-02]

Chrome:
=======
CHR Profile: C:\Users\Alexander Eichhorn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Alexander Eichhorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-11-14]
CHR Extension: (avast! Online Security) - C:\Users\Alexander Eichhorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-22]
CHR Extension: (Virtual Keyboard) - C:\Users\Alexander Eichhorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-11-14]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Alexander Eichhorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2010-04-17]
CHR Extension: (Google Wallet) - C:\Users\Alexander Eichhorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
CHR Extension: (Anti-Banner) - C:\Users\Alexander Eichhorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-11-14]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [819976 2011-08-18] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2723400 2014-03-25] (G Data Software AG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\DfSdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2009-09-14] (Macrovision Europe Ltd.) [File not signed]
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2992760 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
R2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
R2 Virtual CDAudio Service; C:\Program Files (x86)\RapidSolution\Audials 9\VCDWriter\64\VCDAudioService.exe [179048 2012-08-20] (RapidSolution Software AG)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [57344 2014-06-17] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [135168 2014-06-17] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [68608 2014-06-17] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-06-17] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-06-17] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65024 2014-06-17] (G Data Software AG)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2013-12-17] (AnchorFree Inc.)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [33792 2005-03-09] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-01-03] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-01-03] (RapidSolution Software AG)
R3 rsvcdwdr; C:\Windows\System32\DRIVERS\rsvcdwdr.sys [45160 2011-11-16] (RapidSolution Software AG)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 22:13 - 2015-02-15 23:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-15 22:12 - 2015-02-15 22:12 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-15 22:12 - 2015-02-15 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-15 22:12 - 2015-02-15 22:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-15 22:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-15 22:12 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-15 22:12 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-15 22:03 - 2015-02-15 22:04 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{B91C137C-5B9A-4BAE-9E03-50559546A0AC}
2015-02-15 21:20 - 2015-02-15 23:59 - 00000000 ____D () C:\FRST
2015-02-14 21:55 - 2015-02-15 09:56 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{0D5C9FF2-C78C-497A-8132-5E8AAC85FA5D}
2015-02-14 09:53 - 2015-02-14 09:54 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{A9FDCDA2-9117-447B-AD74-B7CD9B0AE617}
2015-02-12 14:37 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 14:37 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 14:37 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 14:37 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 09:00 - 2015-02-12 09:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-11 16:01 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 16:01 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 16:01 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 16:01 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 16:01 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 16:01 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 16:01 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 16:01 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 16:00 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 16:00 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 16:00 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 16:00 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 16:00 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 16:00 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 16:00 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 16:00 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 16:00 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 16:00 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 16:00 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 16:00 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 16:00 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 16:00 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 16:00 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 16:00 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 16:00 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 16:00 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 16:00 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 16:00 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 16:00 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 16:00 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 16:00 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 16:00 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 16:00 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 16:00 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 16:00 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 16:00 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 16:00 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 16:00 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 16:00 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 16:00 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 16:00 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 16:00 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 16:00 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 16:00 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 16:00 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 16:00 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 16:00 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 16:00 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 16:00 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 16:00 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 16:00 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 16:00 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 16:00 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 16:00 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 16:00 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 16:00 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 16:00 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 16:00 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 16:00 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 16:00 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 16:00 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 16:00 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 16:00 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 16:00 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 16:00 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 16:00 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 16:00 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 16:00 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 16:00 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 16:00 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 16:00 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 16:00 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 16:00 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 16:00 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 16:00 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 16:00 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 16:00 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 16:00 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 16:00 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 16:00 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 16:00 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 16:00 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 16:00 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 16:00 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 16:00 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 16:00 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 16:00 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 16:00 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 16:00 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 16:00 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 16:00 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 16:00 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 16:00 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 16:00 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 15:59 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 15:59 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 15:59 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 15:59 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 15:59 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 15:59 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 15:59 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 15:59 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 15:59 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 15:59 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 15:59 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 15:58 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 15:58 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 15:58 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 15:58 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 15:58 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 15:58 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 15:58 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 15:58 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 15:58 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 15:57 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 15:32 - 2015-02-11 15:32 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{9E5D49F6-4A07-4CBE-BEB9-E21F71B3F01F}
2015-02-10 15:23 - 2015-02-10 15:23 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{14234D6A-1CF4-4F70-A6B3-83906894CDF3}
2015-02-09 21:36 - 2015-02-09 21:36 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{11FB5411-E31F-4FCC-B93F-D5147BD5AAA3}
2015-02-09 09:34 - 2015-02-09 09:34 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{89CD9EC4-8A2E-4618-9B27-D0516EACF5F3}
2015-02-08 12:16 - 2015-02-08 12:16 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{9C784214-B25B-4F2C-995E-4A54373AE469}
2015-02-07 18:16 - 2015-02-07 18:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-07 13:02 - 2015-02-07 13:02 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{032C856D-1898-40C1-9009-E0EFECEFD694}
2015-02-06 15:02 - 2015-02-06 15:06 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{8F6D0366-48C6-482D-8937-9706B4D9C561}
2015-02-05 22:47 - 2015-02-05 22:47 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{AB3D7286-7899-4D90-B225-26B59CCD2832}
2015-02-05 10:45 - 2015-02-05 10:45 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{5EBDFD6F-18A8-482A-9DD8-A90D241F41AD}
2015-02-04 21:37 - 2015-02-04 21:38 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{9D5F802B-D69F-4985-A73E-8090246570F2}
2015-02-04 00:15 - 2015-02-04 00:15 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{9947AD80-AF19-4931-AAB4-1A75585472FB}
2015-02-03 11:40 - 2015-02-03 11:40 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{A193216C-1FF7-4BFA-9A1C-EC7D8F7C5D18}
2015-02-02 23:39 - 2015-02-02 23:39 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{022062F2-DB88-4F19-BBDA-A8DD888869AB}
2015-02-02 11:37 - 2015-02-02 11:38 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{A9A22D70-18B2-4BCC-9260-AB101882BDEE}
2015-02-01 23:36 - 2015-02-01 23:36 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{946829B9-1689-43BD-AF93-BE7837667C5E}
2015-02-01 11:34 - 2015-02-01 11:35 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{5D1DA40A-15AC-4088-8D83-77F387268FD3}
2015-01-31 14:32 - 2015-01-31 14:32 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{413A3006-3998-480D-9DE1-C21935396F6A}
2015-01-30 23:14 - 2015-01-30 23:14 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{BE584937-D688-4C35-8939-4A5E3DB25570}
2015-01-30 11:12 - 2015-01-30 11:13 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{2CBECCFD-CB85-4BC9-8C57-95E1EF5C5029}
2015-01-29 15:39 - 2015-01-29 15:40 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{49501538-333F-4B37-8387-E93D93E14724}
2015-01-28 15:29 - 2015-01-28 15:29 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{57AACF4E-7DF7-4319-850A-CB9BF96EFCF7}
2015-01-27 15:12 - 2015-01-27 15:12 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{6627C8D0-8F78-479D-B6DB-21E6DEA30CB5}
2015-01-26 12:19 - 2015-01-26 12:19 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{A20275E6-E07D-4AEB-A304-1FDA5F259517}
2015-01-25 23:14 - 2015-01-25 23:14 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{E51057DC-8D8E-4437-B53D-381197A79359}
2015-01-25 11:13 - 2015-01-25 11:13 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{B2751483-708C-4783-9C43-114ED98BEA11}
2015-01-24 11:39 - 2015-01-24 11:39 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{C9A54D70-B61F-4C55-BDA2-507CB430F196}
2015-01-23 17:22 - 2015-01-23 17:22 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{403AD24E-9751-46D8-AA44-8B4B02F72DBD}
2015-01-22 16:18 - 2015-01-22 16:18 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{27F80215-BC04-44A6-AB42-08910907D6B5}
2015-01-21 15:44 - 2015-01-21 15:44 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{75B7E9CD-E014-4D1A-81D5-B64C6D212EFC}
2015-01-20 20:59 - 2015-01-20 20:59 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{4C746156-7BF9-4200-81DC-412CE0FCC396}
2015-01-19 13:13 - 2015-01-19 13:13 - 00000808 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-01-19 11:35 - 2015-01-19 11:35 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{5B27EF62-8B3B-494B-A6A2-F15DE585C7E1}
2015-01-18 23:32 - 2015-01-18 23:32 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{13A61933-D1C3-4D50-924A-F9F0A37E61CB}
2015-01-18 11:31 - 2015-01-18 11:31 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{3A6A4D2F-8851-416C-9E12-A4A097EA302E}
2015-01-17 23:05 - 2015-01-17 23:06 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{CE28046C-2C06-4040-B66F-5F5AF9C246D9}
2015-01-17 11:04 - 2015-01-17 11:04 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\{98477016-9B5F-4B28-8F12-B4DFFF63B477}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 23:43 - 2010-03-06 19:52 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 23:29 - 2009-09-14 07:44 - 02044619 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 23:27 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 23:27 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 23:23 - 2012-04-02 18:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-15 23:20 - 2010-03-09 23:58 - 00000000 ____D () C:\Users\Alexander Eichhorn\Tracing
2015-02-15 23:20 - 2010-03-06 19:52 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 23:19 - 2013-04-01 20:12 - 00101176 _____ () C:\Windows\setupact.log
2015-02-15 23:19 - 2009-09-14 07:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-15 23:19 - 2009-09-14 07:41 - 00999362 _____ () C:\Windows\PFRO.log
2015-02-15 23:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 22:12 - 2013-02-16 10:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-15 21:59 - 2014-12-26 01:50 - 00000000 ____D () C:\AdwCleaner
2015-02-15 21:15 - 2013-03-12 04:02 - 00003994 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{68453093-B853-42CC-B7A5-F058C5B2DE9A}
2015-02-15 20:24 - 2010-03-06 19:50 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Roaming\Adobe
2015-02-15 16:37 - 2013-07-01 11:29 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Roaming\foobar2000
2015-02-15 12:11 - 2010-03-06 19:34 - 00000000 ____D () C:\Users\Alexander Eichhorn
2015-02-15 01:39 - 2014-12-11 01:00 - 00000000 ____D () C:\Windows\rescache
2015-02-14 09:50 - 2012-07-22 11:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-13 22:05 - 2012-04-04 17:03 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Roaming\Spotify
2015-02-13 21:49 - 2012-04-04 17:04 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\Spotify
2015-02-13 13:53 - 2014-11-03 22:37 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Roaming\xrecode2
2015-02-11 19:11 - 2009-07-14 05:45 - 00572096 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 19:07 - 2014-12-10 21:41 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 19:07 - 2014-05-06 19:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 17:47 - 2009-09-04 02:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 17:47 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 17:38 - 2013-08-14 00:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 17:31 - 2010-10-16 11:26 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Roaming\AccurateRip
2015-02-11 17:11 - 2010-05-08 10:36 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-07 19:50 - 2009-09-13 17:28 - 02924358 _____ () C:\Windows\system32\perfh007.dat
2015-02-07 19:50 - 2009-09-13 17:28 - 00840826 _____ () C:\Windows\system32\perfc007.dat
2015-02-07 19:50 - 2009-07-14 06:13 - 00006264 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 03:07 - 2012-04-02 18:25 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 03:07 - 2012-04-02 18:25 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 03:07 - 2011-05-13 18:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 21:38 - 2010-03-06 19:52 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 21:38 - 2010-03-06 19:52 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 10:07 - 2014-06-15 12:05 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-04 09:10 - 2013-11-23 20:51 - 00000000 ____D () C:\Users\Alexander Eichhorn_2
2015-02-04 09:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-02-04 00:44 - 2014-06-15 12:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-04 00:44 - 2014-01-15 05:39 - 00001705 _____ () C:\Windows\wininit.ini
2015-02-01 22:00 - 2011-01-01 20:59 - 00000000 ____D () C:\Users\Alexander Eichhorn\AppData\Local\Thunderbird
2015-02-01 06:39 - 2011-09-13 15:34 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-24 19:02 - 2013-10-26 21:34 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-24 19:01 - 2014-10-20 19:11 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-24 19:01 - 2014-10-20 19:11 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-24 19:01 - 2014-10-20 19:11 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-24 19:01 - 2014-10-20 19:11 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-24 19:01 - 2014-10-20 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-24 19:00 - 2010-03-27 16:49 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-19 13:13 - 2014-05-29 14:50 - 00000000 ____D () C:\Program Files\Speccy
2015-01-18 11:39 - 2010-03-21 21:26 - 00001117 _____ () C:\Users\Public\Desktop\AnyDVD.lnk

==================== Files in the root of some directories =======

2009-09-03 15:12 - 2008-06-11 16:12 - 0776614 _____ () C:\Program Files (x86)\Common Files\packardbell.ico
2013-10-18 18:47 - 2013-10-19 21:02 - 0000000 _____ () C:\Users\Alexander Eichhorn\AppData\Roaming\bitlord_log.txt
2014-06-17 17:48 - 2014-06-17 17:48 - 0000000 _____ () C:\Users\Alexander Eichhorn\AppData\Roaming\gdfw.log
2014-06-17 17:48 - 2014-06-17 19:11 - 0001558 _____ () C:\Users\Alexander Eichhorn\AppData\Roaming\gdscan.log
2011-02-22 23:25 - 2011-02-22 23:25 - 0033134 _____ () C:\Users\Alexander Eichhorn\AppData\Roaming\UserTile.png
2010-03-27 16:06 - 2014-01-05 20:53 - 0002418 _____ () C:\Users\Alexander Eichhorn\AppData\Roaming\wklnhst.dat
2012-08-16 13:37 - 2012-08-16 13:37 - 0000036 _____ () C:\Users\Alexander Eichhorn\AppData\Local\housecall.guid.cache
2013-10-18 21:12 - 2013-10-18 21:12 - 0000218 _____ () C:\Users\Alexander Eichhorn\AppData\Local\recently-used.xbel
2012-10-07 23:16 - 2012-10-07 23:16 - 0007605 _____ () C:\Users\Alexander Eichhorn\AppData\Local\Resmon.ResmonCfg
2013-02-15 16:31 - 2013-02-15 16:31 - 0017408 _____ () C:\Users\Alexander Eichhorn\AppData\Local\WebpageIcons.db
2011-05-08 16:37 - 2011-05-08 16:37 - 0000000 _____ () C:\Users\Alexander Eichhorn\AppData\Local\{0E5A9BF8-7C24-4F97-9CE1-B020448403CF}
2011-05-07 17:32 - 2011-05-07 17:32 - 0000000 _____ () C:\Users\Alexander Eichhorn\AppData\Local\{1F1EC240-E24E-4B8C-A399-E4818BB2BB50}
2011-05-08 14:24 - 2011-05-08 14:24 - 0000000 _____ () C:\Users\Alexander Eichhorn\AppData\Local\{646740F9-8542-4F26-918C-E2C7EA351FD3}
2011-05-05 16:44 - 2011-05-05 16:44 - 0000000 _____ () C:\Users\Alexander Eichhorn\AppData\Local\{779A6701-2396-4A40-B0CD-979470CE972B}
2011-05-31 14:54 - 2011-05-31 14:54 - 0000000 _____ () C:\Users\Alexander Eichhorn\AppData\Local\{98225FA2-340B-4028-863E-FFBD748DDE4D}
2011-05-09 22:24 - 2011-05-09 22:24 - 0000000 _____ () C:\Users\Alexander Eichhorn\AppData\Local\{F46FEBB3-11BA-4B3B-8D2C-D1D6D414DA38}
2010-03-21 21:28 - 2012-10-03 12:13 - 0000166 ___SH () C:\ProgramData\.zreglib
2009-09-03 15:13 - 2009-07-18 02:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\Alexander Eichhorn\AppData\Local\Temp\Quarantine.exe
C:\Users\Alexander Eichhorn\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 09:02

==================== End Of Log ========================
--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Alexander Eichhorn at 2015-02-16 00:01:35
Running from C:\Users\Alexander Eichhorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DAWSY6BA
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G Data InternetSecurity CBE (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data InternetSecurity CBE (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 11 (HKLM-x32\...\{F1100000-0008-0000-0001-074957833700}) (Version: 11.0.289 - ABBYY)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.7.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
ArcSoft TotalMedia Backup (HKLM-x32\...\{3D69628B-4DE8-43C7-9A22-F90F5B870C08}) (Version: 1.5.21.3 - ArcSoft)
Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\{4209F371-A431-385E-2D7E-ACDA5DA3BA0B}_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audials (HKLM-x32\...\{73ABAA0E-70F0-4048-AD43-A5F5A13A198D}) (Version: 9.1.31900.0 - Audials AG)
Bild-Steuer 2009 (HKLM-x32\...\{D21ADE43-3AC8-4942-82BC-9C1D6063F046}) (Version: 14.02.0000 - Akademische Arbeitsgemeinschaft Verlag)
BILD-Steuer 2010 (HKLM-x32\...\{E7D293C9-732D-4E22-905D-2615FED321A4}) (Version: 15.12 - Akademische Arbeitsgemeinschaft Verlag)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP280 series Benutzerregistrierung (HKLM-x32\...\Canon MP280 series Benutzerregistrierung) (Version:  - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Utilities Easy-PhotoPrint (HKLM-x32\...\Easy-PhotoPrint) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CDCheck (HKLM-x32\...\CDCheck) (Version:  - )
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
CloneDVD2OEM (HKLM-x32\...\CloneDVD2OEM) (Version:  - Elaborate Bytes)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CrystalDiskInfo 6.1.12 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.12 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM-x32\...\DVD Shrink DE_is1) (Version:  - DVD Shrink)
eBay Worldwide (HKLM-x32\...\{AAF89271-2594-468D-B578-96B2E30C41C4}) (Version: 2.1.0703 - OEM)
Exact Audio Copy 0.99pb5 (HKLM-x32\...\Exact Audio Copy) (Version: 0.99pb5 - Andre Wiethoff)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}) (Version: 2.1.23.0 - MAGIX AG)
foobar2000 v1.2.8 (HKLM-x32\...\foobar2000) (Version: 1.2.8 - Peter Pawlowski)
Free Audio Converter version 5.0.52.1111 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.52.1111 - DVDVideoSoft Ltd.)
Free DVD Video Burner version 3.0.2 (HKLM-x32\...\Free DVD Video Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.0.1022 - DVDVideoSoft Ltd.)
Free YouTube to DVD Converter version 2.7.26.426 (HKLM-x32\...\Free YouTube to DVD Converter_is1) (Version:  - DVDVideoSoft Limited.)
G Data InternetSecurity CBE (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Earth (HKLM-x32\...\{2EAF7E61-068E-11DF-953C-005056806466}) (Version: 5.1.7938.4346 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MAGIX Foto Manager 8 (HKLM-x32\...\MAGIX Foto Manager 8 D) (Version: 6.0.1.499 - MAGIX AG)
MAGIX Fotobuch 3.6 (HKLM-x32\...\MAGIX Fotobuch) (Version: 3.6 - MAGIX AG)
MAGIX Media Suite (HKLM-x32\...\MAGIX Media Suite D) (Version: 1.13.0.112 - MAGIX AG)
MAGIX Online Druck Service (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Ringtone Maker SE (HKLM-x32\...\MAGIX Ringtone Maker SE D) (Version: 3.1.0.5 - MAGIX AG)
MAGIX Speed 2 (MSI) (HKLM-x32\...\{FF34AF1C-705B-424A-A850-1A1F61D6EB71}) (Version: 6.0.1.4 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.12.103.06300 (HKLM-x32\...\{CB7048B4-5D1F-E24E-41FC-2AB7AAFE6597}) (Version: 2.12.103.06300 - Sony)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Metaboli (HKLM-x32\...\Metaboli) (Version: 1.00.0006 - Packard Bell)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{A336F8B0-7ADD-48E8-98A2-296040C1EC3F}) (Version: 3.1.3.0 - Apple Inc.)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
mufin player (HKLM-x32\...\mufin player D) (Version: 1.0.0.98 - MAGIX AG)
Musicport Download Manager (HKLM-x32\...\Musicport Download Manager) (Version: 1.00 - Materna Information & Communications GmbH)
MyTube HD 4.0 (HKLM-x32\...\{979FCA90-1FA4-482F-0001-393419DB8F1B}) (Version: 4.0.10.0406 - S.A.D.)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NWZ-E380 WALKMAN Guide (HKLM-x32\...\{D98ED583-338D-4425-B2EF-A4C7FB93CE88}) (Version: 2.2.0.05230 - Sony Corporation)
Packard Bell GameZone Console (HKLM-x32\...\{9242564e-02e9-4ea8-9d2d-351f6f728e1c}_is1) (Version: 5.1.2.3 - Oberon Media, Inc.)
Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell Photo Frame 4.2.3.10 (HKLM-x32\...\Packard Bell Photo Frame) (Version: 4.2.3.10 - I/O Interconnect)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.02.3005 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0812 - Packard Bell Incorporated)
Packard Bell Software Suite SE (HKLM-x32\...\Packard Bell Software Suite SE) (Version: 2.01.5000 - Packard Bell)
PixiePack Codec Pack (HKLM-x32\...\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}) (Version: 1.1.1200.0 - None)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.18.0.15698 - Sony Computer Entertainment Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
qBittorrent 3.1.9.2 (HKLM-x32\...\qbittorrent) (Version: 3.1.9.2 - The qBittorrent project)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Radiotracker (HKLM-x32\...\{A8BB05BC-2C4A-4178-A819-64B8F5392960}) (Version: 6.2.13700.0 - RapidSolution Software AG)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
Serif DrawPlus X2 (HKLM-x32\...\{3A438F62-00EE-4422-906B-6D9E107FC33F}) (Version: 9.0.4.024 - Serif (Europe) Ltd)
Serif PhotoPlus X2 (HKLM-x32\...\{9DCFC564-606E-424F-8A1C-56DD14908AF6}) (Version: 12.0.2.011 - Serif (Europe) Ltd)
Serif WebPlus X2 (HKLM-x32\...\{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}) (Version: 11.0.5.029 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
simfy (HKLM-x32\...\Simfy) (Version: 1.7.7 - simfy AG)
simfy (x32 Version: 1.7.7 - simfy AG) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.27 - Piriform)
Spotify (HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Star Defender 4 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}) (Version:  - Oberon Media)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.11 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.14 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.11 - Wolters Kluwer Deutschland GmbH)
Testbuch Bewerbung (HKLM-x32\...\TBBewerbung) (Version:  - )
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.00.3005 - Packard Bell)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{ED636101-1959-4360-8BF7-209436E7DEE4}) (Version: 14.0.8064.206 - Microsoft Corporation)
XRECODE (HKLM-x32\...\XRECODE_is1) (Version:  - )
xrecode II 1.0.0.217 (HKLM-x32\...\{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3298656242-1969614524-1323152709-1000_Classes\CLSID\{D135BF7C-49E3-38F0-5254-DEE4D5DE9D72}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

==================== Restore Points  =========================

12-02-2015 17:00:45 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01F90B8D-576F-4A7B-BEC4-765289824C5F} - System32\Tasks\{F24128E2-C7B2-4434-B485-9B624692FED9} => pcalua.exe -a "C:\Users\Alexander Eichhorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PN3WN3EJ\mp3gain-win-full-1_3_4.exe" -d "C:\Users\Alexander Eichhorn\Desktop"
Task: {028E5131-0EE2-4971-9541-967C858881AF} - System32\Tasks\{86940D6A-4621-4E68-97AF-030B12E71F41} => pcalua.exe -a "C:\Users\Alexander Eichhorn\AppData\Roaming\uTorrent\uTorrent.exe" -c /UNINSTALL
Task: {13FA4474-8A23-40CB-8651-44FD078ED438} - System32\Tasks\{F1292691-8B2D-4D85-AF41-1A4AAC09851E} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {202C443E-5258-4697-847C-7E13485C37DC} - System32\Tasks\{6257A2AC-B9E1-4893-B9C9-BE78B64E7FD8} => C:\Program Files (x86)\Winows Media Player Kopie von Programme\Windows Media Player\wmplayer.exe [2013-05-10] (Microsoft Corporation)
Task: {25FD140D-3E56-45C9-B73D-F78B3B936418} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {33618C29-3F6F-4AB6-8AE3-860E1E5E7CED} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {3E5DEF62-0354-4ECC-814E-BCBD48F9D6AB} - System32\Tasks\{8D7184F4-B040-4158-B678-213954422F0A} => pcalua.exe -a D:\Downloads\burrrn_package113.exe -d D:\Downloads
Task: {3F988507-7B81-4D17-864C-76EAF1582719} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3298656242-1969614524-1323152709-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {40523C57-6098-4D79-A024-1BE93E3247BB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3298656242-1969614524-1323152709-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {4937911E-FCAE-4A3C-B700-AC3655AF9DAC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5715C236-0B67-4E54-9652-070F01AAE3CA} - System32\Tasks\{BBDABD81-AC40-48FF-AB91-6498F96D79D2} => pcalua.exe -a "C:\Users\Alexander Eichhorn\Downloads\CDCheckSetup.exe" -d "C:\Users\Alexander Eichhorn\Desktop"
Task: {64C05FD9-D8B1-4C2B-AC77-023160C29236} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {664EB99C-A83D-45F9-A574-177A1300C058} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3298656242-1969614524-1323152709-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6A668C71-F664-46D7-9EAA-4BE38236787B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {79093F7A-3D59-4B8F-B735-99190EB812D6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {80CF652B-F2F0-4ECA-9388-BC91FD852D03} - System32\Tasks\{C01A3A3E-B44A-4CB1-BF05-96189C9022B6} => pcalua.exe -a "C:\Users\Alexander Eichhorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N9VJD3L6\Top100.exe" -d "C:\Users\Alexander Eichhorn\Desktop"
Task: {8817ACB7-B134-4647-B842-B94C390C79BB} - System32\Tasks\{D72005AE-A84B-48F8-99EE-E99EA7E1FCCF} => pcalua.exe -a "C:\Users\Alexander Eichhorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EN8KAZUA\MusicboxDownloadAssistent[1].exe" -d "C:\Users\Alexander Eichhorn\Desktop"
Task: {B17937D2-07F6-46BB-B3C3-A15F723E113F} - System32\Tasks\{2E764492-9448-4869-A4C2-EF556A847F16} => pcalua.exe -a C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe -c /S <==== ATTENTION
Task: {C315FAE8-273B-44A5-981E-C2FE08CD7BB2} - System32\Tasks\{29A2FD21-37F3-40A9-B2CF-89275B93E199} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-08-16] (Apple Inc.)
Task: {D20EDF1C-FC49-4264-A828-24322CBDE610} - System32\Tasks\{4298404B-4FEC-44C3-9320-638EDB523BC9} => pcalua.exe -a "C:\Users\Alexander Eichhorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y5C6AJ40\uninstall_flash_player[1].exe" -d "C:\Users\Alexander Eichhorn\Desktop"
Task: {DA24A9A6-159B-4AF4-A5BB-5409B66BE97E} - System32\Tasks\{E5F12228-B2A5-457B-BD61-CC4A7A76F068} => pcalua.exe -a "C:\Users\Alexander Eichhorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFFJ1GVG\CDCheckSetup.exe" -d "C:\Users\Alexander Eichhorn\Desktop"
Task: {DC9ED250-7EED-43C6-AD3B-6977C9C2A82B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E4A8EDE1-4DDD-4C26-ACCA-8A43FE331786} - System32\Tasks\{C863FF54-6432-469B-900E-8DAB516E2D56} => pcalua.exe -a "c:\program files (x86)\real\realplayer\Update\r1puninst.exe" -c RealNetworks|RealPlayer|17.0
Task: {E7E3F37E-D9C8-4E51-A6DD-DDEF58DE7313} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3298656242-1969614524-1323152709-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {F2BD5927-037E-404A-BF4A-A2E47D24C095} - System32\Tasks\ffdshow manager => Sc.exe start ffdshow manager
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-11-18 17:10 - 2013-01-18 16:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-13 17:14 - 2012-07-30 10:48 - 01518504 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
2011-09-13 15:41 - 2010-04-05 20:55 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-12-19 03:42 - 2013-12-19 03:42 - 00350840 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2014-09-30 01:51 - 2014-09-30 01:51 - 00074664 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
2014-10-11 12:06 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2008-06-05 01:01 - 2008-06-05 01:01 - 00344064 _____ () C:\Program Files (x86)\Packard Bell\Software Suite SE\sqlite3.dll
2009-06-13 00:37 - 2009-06-13 00:37 - 00032768 _____ () C:\Program Files (x86)\Packard Bell Photo Frame\IOIUSBLib.dll
2009-06-13 00:37 - 2009-06-13 00:37 - 00025088 _____ () C:\Program Files (x86)\Packard Bell Photo Frame\IOIHIDLib.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0
AlternateDataStreams: C:\ProgramData\TEMP:1D32EC29
AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54
AlternateDataStreams: C:\ProgramData\TEMP:4D066AD2
AlternateDataStreams: C:\ProgramData\TEMP:5D7E5A8F
AlternateDataStreams: C:\ProgramData\TEMP:93DE1838
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA
AlternateDataStreams: C:\ProgramData\TEMP:ABE89FFE
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMP:E1F04E8D
AlternateDataStreams: C:\ProgramData\TEMP:E3C56885

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3298656242-1969614524-1323152709-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alexander Eichhorn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3298656242-1969614524-1323152709-500 - Administrator - Disabled)
Alexander Eichhorn (S-1-5-21-3298656242-1969614524-1323152709-1000 - Administrator - Enabled) => C:\Users\Alexander Eichhorn
Alexander Eichhorn_2 (S-1-5-21-3298656242-1969614524-1323152709-1003 - Limited - Enabled) => C:\Users\Alexander Eichhorn_2
fbwuser (S-1-5-21-3298656242-1969614524-1323152709-1002 - Limited - Disabled) => C:\Users\fbwuser
Gast (S-1-5-21-3298656242-1969614524-1323152709-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3298656242-1969614524-1323152709-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2015 11:18:27 PM) (Source: AHDDC2_Service.exe) (EventID: 0) (User: )
Description: Cannot terminate an externally created thread

Error: (02/15/2015 07:49:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AVKProxy.exe, Version: 1.5.14043.574, Zeitstempel: 0x52fb3224
Name des fehlerhaften Moduls: avkhttp.dll, Version: 25.0.14079.176, Zeitstempel: 0x532a4adc
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008cf92
ID des fehlerhaften Prozesses: 0x5f0
Startzeit der fehlerhaften Anwendung: 0xAVKProxy.exe0
Pfad der fehlerhaften Anwendung: AVKProxy.exe1
Pfad des fehlerhaften Moduls: AVKProxy.exe2
Berichtskennung: AVKProxy.exe3

Error: (02/15/2015 01:10:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/15/2015 01:10:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/15/2015 01:10:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/15/2015 01:10:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/14/2015 04:42:12 PM) (Source: AHDDC2_Service.exe) (EventID: 0) (User: )
Description: Cannot terminate an externally created thread

Error: (02/14/2015 03:26:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/14/2015 03:26:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/14/2015 03:26:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (02/15/2015 11:21:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (02/15/2015 11:21:50 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (02/15/2015 11:19:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147014847

Error: (02/15/2015 10:04:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (02/15/2015 10:04:05 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (02/15/2015 10:02:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147014847

Error: (02/15/2015 10:00:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet:
%%109

Error: (02/15/2015 10:00:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (02/15/2015 10:00:17 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "Spooler" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (02/15/2015 09:59:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Active File Monitor V7" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (02/15/2015 11:18:27 PM) (Source: AHDDC2_Service.exe) (EventID: 0) (User: )
Description: Cannot terminate an externally created thread

Error: (02/15/2015 07:49:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AVKProxy.exe1.5.14043.57452fb3224avkhttp.dll25.0.14079.176532a4adcc00004170008cf925f001d04882e59b2de0C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exeC:\Program Files (x86)\Common Files\G Data\AVKProxy\avkhttp.dll5199d34c-b543-11e4-8ae9-00016c6d5d91

Error: (02/15/2015 01:10:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (02/15/2015 01:10:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe

Error: (02/15/2015 01:10:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe

Error: (02/15/2015 01:10:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe

Error: (02/14/2015 04:42:12 PM) (Source: AHDDC2_Service.exe) (EventID: 0) (User: )
Description: Cannot terminate an externally created thread

Error: (02/14/2015 03:26:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (02/14/2015 03:26:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe

Error: (02/14/2015 03:26:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe


CodeIntegrity Errors:
===================================
  Date: 2013-11-23 15:09:45.556
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gdi32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 54%
Total physical RAM: 3063.11 MB
Available physical RAM: 1393.01 MB
Total Pagefile: 6124.41 MB
Available Pagefile: 3610.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:457.95 GB) (Free:10.44 GB) NTFS
Drive d: (DATA) (Fixed) (Total:458.46 GB) (Free:3.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3C83586A)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=458.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

deeprybka 16.02.2015 18:30
Hi,
bitte das richtige MBAM-Log posten.

http://deeprybka.trojaner-board.de/m...mbamlogdeu.png

Anton8 16.02.2015 20:19
Das würde ich gerne machen, aber es wird nichts angezeigt. Ich bin wie oben gezeigt vorgegangen, aber wenn ich auf Ansicht klicke kommt da nichts.

deeprybka 16.02.2015 20:25
Wiederhole den Scan bitte.

Anton8 16.02.2015 22:19
So, der Suchlauf läuft ...

Jetzt ist es beendet, hoffentlich kann ich es hier anzeigen ... .

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.02.2015
Suchlauf-Zeit: 20:54:02
Logdatei: Suchlauf Protokoll.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.16.08
Rootkit Datenbank: v2015.02.03.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: XXX

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 524649
Verstrichene Zeit: 1 Std, 27 Min, 33 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

deeprybka 16.02.2015 22:35
:daumenhoc

Schritt 1

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Anton8 16.02.2015 23:01
Initialisierung läuft ... .

Oje, habe vergessen zwei externe Festplatten anzuschließen. Habe ich eben nachgeholt. Besitze allerdings noch mehr Speichermedien (USB Sticks, Festplatten).

deeprybka 16.02.2015 23:01
Nur Platten anschließen, welche relevant sind und Du wirklich wissen willst ob die sauber sind. Der Scan dauert nämlich sehr lange! :)

Anton8 16.02.2015 23:08
Die zwei sind relevant, darauf sind nämlich meine gesamten Musikbestände (Ordner) inkl. Bookletscans. Ich habe die allerdings angeschlossen als der Scanfortschritt schon bei 34% war. Es ist eine 2TB und eine 1TB Festplatte. Eine weitere (nicht angeschlossene) 2TB Festplatte enthält eine Komplettsicherung (Image). Die sollte ich wohl demnächst löschen? Möchte sie allerdings für eine erneute Sicherung, nachdem der PC wieder sauber ist, dann verwenden.

deeprybka 16.02.2015 23:10
OK.

Anton8 16.02.2015 23:21
Der Scanvorgang ist jetzt bei 38%, das dauert bestimmt die ganze Nacht... .


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:10 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131